Re: [exim] CVE-2019-10149: already vulnerable ?

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
Mmixed8e at <-
MEvgeniy Berdnikov at ->
Delete this message
Reply to this message
Author: Jeremy Harris
Date:  
To: exim-users
Subject: Re: [exim] CVE-2019-10149: already vulnerable ?
On 25/06/2019 19:01, mixed8e--- via Exim-users wrote:
>> and i was not sure if EXIM does publish that string in any other possible
>> remote "access vector" too.
>
> That would be nice to know.

A scan over the source gives me:

- logged at daemon startup & shutdown
- written to the process log on SIGUSR1
- included in debug, "-bP config" & "-bV" output
- the default Received: header text
- the default banner text

Only the last two are remotely accessible; all are locally acessible

--
Cheers,
Jeremy

This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-[exim] Generated address leaks in 'message/delivery-status' despite enabling 'hide_child_in_errmsg'Re: [exim] ATTN: Re: CVE-2019-10149: already vulnerable ?->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)