Re: [exim] CVE-2019-15846: Exim - local or remote attacker c…

Páxina inicial
Esta mensaxe é parte do seguinte fío:
M+-\Árbore completa do fío ordenada por data
MM.MSebastian Nielsen o <-
MM\MSebastian Nielsen o ->
Borrar esta mensaxe
Responder a esta mensaxe
Autor: Cyborg
Data:  
Para: exim-users
Asunto: Re: [exim] CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges
Am 06.09.19 um 20:50 schrieb Sebastian Nielsen via Exim-users:
> Shouldn't this be in connect ACL?
> How would the deny in MAIL FROM prevent the exploit? What I have understand is that there is exploit in the SNI of the TLS negotiation, thus the whole connect attempt must be rejected right?
>
>

The connect with Starttls is unencrypted, and later upgraded, so you
need to check it later, when its done for sure.

best regards,
Marius

Esta mensaxe foi enviada ás seguintes listas:
Exim-users
Información da lista | Mensaxes recentes		<-Re: [exim] CVE-2019-15846: Exim - local or remote attacker can execute programs with root privilegesRe: [exim] CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges->
Tahini and Hummus and Cumin Development Archives administrado por cumin AdminsLurker (versión 2.3)