Re: [exim] CVE-2019-10149: already vulnerable ?

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Thomas Hager
Date:  
À: exim-users
Sujet: Re: [exim] CVE-2019-10149: already vulnerable ?


On June 22, 2019 10:44:43 AM GMT+02:00, Andreas Metzler via Exim-users <exim-users@???> wrote:
>Hello

Hi Andreas,

>the log-files on a try to exploit CVE-2019-10149 will look exactly the
>same
>for a vulnerable and for a fixed exim.
>
>CVE-2019-10149 is not that it is possible to submit a mail that ends
>up frozen in the queue. CVE is a remote command execution
>vulnerabilty. The fix for CVE-2019-10149 does not remove the
>possibility to generate frozen mails in the queue, it stops the remote
>command execution.

Thanks for the clarification. I thought so, but it's way better to know ;-)

Cheers,
Tom.

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.