Re: [exim] Exim hostlist in the exim config - related to CV…

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Cyborg
Datum:  
To: exim-users
Betreff: Re: [exim] Exim hostlist in the exim config - related to CVE-2019-15846
Am 10.09.19 um 13:33 schrieb Michael Love via Exim-users:
> Hi All,
> Question:
> We have a restricted hostlist of only other servers able to email exim 4.86.
> For this new vulnerability, is the TLS handshake executed before the whitelist hostlist lookup, or is the whitelist hostlist queried first?
> Thank you.Michael Love.


If you wanne be sure, use IPTABLES to allow your hosts to relay, not the
outdated exim version.

There could be a lot more bugs in your version, which combined together,
result in a new vulnerability path.


best regards,
Marius