Re: [exim] CVE-2019-15846: Exim - local or remote attacker c…

Top Page
This message is part of the following thread:
M+-\the complete thread tree sorted by date
MM.MSebastian Nielsen at <-
MM\MSebastian Nielsen at ->
Delete this message
Reply to this message
Author: Cyborg
Date:  
To: exim-users
Subject: Re: [exim] CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges
Am 06.09.19 um 20:50 schrieb Sebastian Nielsen via Exim-users:
> Shouldn't this be in connect ACL?
> How would the deny in MAIL FROM prevent the exploit? What I have understand is that there is exploit in the SNI of the TLS negotiation, thus the whole connect attempt must be rejected right?
>
>

The connect with Starttls is unencrypted, and later upgraded, so you
need to check it later, when its done for sure.

best regards,
Marius

This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] CVE-2019-15846: Exim - local or remote attacker can execute programs with root privilegesRe: [exim] CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)