Re: [exim] remote access vulnerability in version 4.92-8+deb…

Top Page
Delete this message
Reply to this message
Author: Jeremy Harris
Date:  
To: exim-users
Subject: Re: [exim] remote access vulnerability in version 4.92-8+deb10u3
On 30/11/2019 18:41, Haines Brown via Exim-users wrote:
> Of late (perhaps since October?) I've received random messages like
> this:
>
>> Date: Fri, 29 Nov 2019 21:30:34 -0500
>> From: Mail Delivery System <Mailer-Daemon@???>
>> To: postmaster@???
>> Subject: Message frozen
>>
>> Message 1iasWk-0004Ya-NP has been frozen (delivery error message).
>> The sender is <>.
>>
>>  The following address(es) have yet to be delivered:
>>    dng-bounces@???: SMTP error from remote mail server
>>  after pipelined
>>  MAIL FROM:<> SIZE=5753: 554 5.7.1 Empty Sender Address is
>>  prohibited through this server

>
> This apparently is a remote exploit vulnerability


How do you conclude that?
--
Cheers,
Jeremy