Re: [exim] CVE-2019-10149: already vulnerable ?

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Heiko Schlittermann
Date:  
À: exim-users
Sujet: Re: [exim] CVE-2019-10149: already vulnerable ?
Niels Dettenbach via Exim-users <exim-users@???> (Di 25 Jun 2019 14:48:20 CEST):
> Am Dienstag, 25. Juni 2019, 13:53:26 CEST schrieb Jeremy Harris via Exim-
> users:
> > No recompile needed. smtp_banner.
> This only set's the banner, but not the SMTP-Headers " by " which are
> "public" too and used as a idicator for "security researchers" (by my
> experience) - i.e. germany BSI.


    Starting with the next version (4.93) we have "exim_version" main
    option.


    +------------------------------------------------------------+
    |exim_version|Use: main|Type: string|Default: current version|
    +------------------------------------------------------------+


    This option allows to override the $version_number/$exim_version Exim reports
    in various places. Use with care, this may fool stupid security scanners.



    Best regards from Dresden/Germany
    Viele Grüße aus Dresden
    Heiko Schlittermann
--
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: F69376CE -
 ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -