Re: [exim] Exim hostlist in the exim config - related to CV…

Top Page
This message is part of the following thread:
M\the complete thread tree sorted by date
MMJeremy Harris at <-
 
Delete this message
Reply to this message
Author: Cyborg
Date:  
To: exim-users
Subject: Re: [exim] Exim hostlist in the exim config - related to CVE-2019-15846
Am 10.09.19 um 13:33 schrieb Michael Love via Exim-users:
> Hi All,
> Question:
> We have a restricted hostlist of only other servers able to email exim 4.86.
> For this new vulnerability, is the TLS handshake executed before the whitelist hostlist lookup, or is the whitelist hostlist queried first?
> Thank you.Michael Love.

If you wanne be sure, use IPTABLES to allow your hosts to relay, not the
outdated exim version.

There could be a lot more bugs in your version, which combined together,
result in a new vulnerability path.


best regards,
Marius

This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] 4.92.2 version[exim] CVE-2019-15846 ..Exim Vulnerability->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)