Gitweb:
https://git.exim.org/exim-website.git/commitdiff/8985012787adcd5c6c57f2cc19bc66da78ed8610
Commit: 8985012787adcd5c6c57f2cc19bc66da78ed8610
Parent: 23ffb224862d37e6fa8dd8e192120efaa35e5a98
Author: Heiko Schlittermann (HS12-RIPE) <hs@???>
AuthorDate: Fri Sep 6 12:58:36 2019 +0200
Committer: Heiko Schlittermann (HS12-RIPE) <hs@???>
CommitDate: Fri Sep 6 12:58:36 2019 +0200
Add acl snippet as a mitigation method
---
templates/static/doc/security/CVE-2019-15846.txt | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/templates/static/doc/security/CVE-2019-15846.txt b/templates/static/doc/security/CVE-2019-15846.txt
index 3a78aa5..aabdf1d 100644
--- a/templates/static/doc/security/CVE-2019-15846.txt
+++ b/templates/static/doc/security/CVE-2019-15846.txt
@@ -27,6 +27,11 @@ Mitigation
Do not offer TLS. (This mitigation is not recommended.)
+For a attacking SNI the following ACL snippet should work:
+
+ # to be prepended to your mail acl (acl_smtp_mail)
+ deny condition = ${if eq{\\}{${substr{-1}{1}{$tls_in_sni}}}}
+
Fix
===