Re: [exim] CVE-2019-10149: already vulnerable ?

Page principale
Supprimer ce message
Répondre à ce message
Auteur: mixed8e
Date:  
À: exim-users
Sujet: Re: [exim] CVE-2019-10149: already vulnerable ?

>> Indeed; but only the banner was being asked about.
> ok, sorry for the noise. for me, the the Recvd header is a kind of
> "banner"
> too. seems a misunderstanding from my side.


Sure, but it's not unreasonable to make helpful suggestions, and I
certainly appreciated learning about received_header_text

>> You're interested in received_header_text, I suspect.
> possible too - but easy to "break" any less known rfcs or "expected
> practices" without a proven "default" and so deeper experience about that


Are you assuming someone would greatly alter the format of the Received
header? Removing the version from the header should not have adverse
effects to my knowledge.

> and i was not sure if EXIM does publish that string in any other possible
> remote "access vector" too.


That would be nice to know.