Re: [exim] CVE-2019-15846: Exim - local or remote attacker c…

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
M--+\Heiko Schlittermann at <-
M+\MMSebastian Nielsen at ->
Delete this message
Reply to this message
Author: Cyborg
Date:  
To: exim-users
Subject: Re: [exim] CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges.
Am 06.09.19 um 13:14 schrieb Heiko Schlittermann via Exim-users:
> An Update to the mitigation for the current CVE:
>
> Add - as part of the mail ACL (the ACL referenced by the main config
> option "acl_smtp_mail"):
>
>      deny    condition = ${if eq{\\}{${substr{-1}{1}{$tls_in_sni}}}}
>      deny    condition = ${if eq{\\}{${substr{-1}{1}{$tls_in_peerdn}}}}

>
> This should prevent the currently known attack vector.
>

If anyone wondered, why Fedora did not have updates ready, someone was
on vacation ;)

I just got word from Fedora, the exim update is now "urgent" :D

Best regards,
Marius

This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] for europeans only: EU GDPR and mitigation of CVE-2019-15846Re: [exim] for europeans only: EU GDPR and mitigation of CVE-2019-15846->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)