Re: [exim] CVE-2019-15846: Exim - local or remote attacker c…

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Cyborg
Datum:  
To: exim-users
Betreff: Re: [exim] CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges
Am 06.09.19 um 20:50 schrieb Sebastian Nielsen via Exim-users:
> Shouldn't this be in connect ACL?
> How would the deny in MAIL FROM prevent the exploit? What I have understand is that there is exploit in the SNI of the TLS negotiation, thus the whole connect attempt must be rejected right?
>
>


The connect with Starttls is unencrypted, and later upgraded, so you
need to check it later, when its done for sure.

best regards,
Marius