Re: [exim] CVE-2019-10149: already vulnerable ?

Author: Thomas Hager
Date:  
To: exim-users
Subject: Re: [exim] CVE-2019-10149: already vulnerable ?


On June 22, 2019 10:44:43 AM GMT+02:00, Andreas Metzler via Exim-users <exim-users@???> wrote:
>Hello

Hi Andreas,

>the log-files on a try to exploit CVE-2019-10149 will look exactly the
>same for a vulnerable and for a fixed exim.
>
>CVE-2019-10149 is not that it is possible to submit a mail that ends
>up frozen in the queue. CVE is a remote command execution
>vulnerability. The fix for CVE-2019-10149 does not remove the
>possibility to generate frozen mails in the queue, it stops the remote
>command execution.

Thanks for the clarification. I thought so, but it's way better to know ;-)

Cheers,
Tom.

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.