Re: [exim] CVE-2019-10149: already vulnerable ?

Top Page
Delete this message
Reply to this message
Author: Jeremy Harris
Date:  
To: exim-users
Subject: Re: [exim] CVE-2019-10149: already vulnerable ?
On 25/06/2019 19:01, mixed8e--- via Exim-users wrote:
>> and i was not sure if EXIM does publish that string in any other possible
>> remote "access vector" too.
>
> That would be nice to know.


A scan over the source gives me:

- logged at daemon startup & shutdown
- written to the process log on SIGUSR1
- included in debug, "-bP config" & "-bV" output
- the default Received: header text
- the default banner text

Only the last two are remotely accessible; all are locally acessible

--
Cheers,
Jeremy