Re: [exim-dev] CVE-2021-38371 (allows response injection dur…

Author: Harry Mills
Date:  
To: Andrew C Aitchison
CC: exim-dev
Subject: Re: [exim-dev] CVE-2021-38371 (allows response injection during MTA SMTP sending)
Hi Andrew,

You are correct. I have set up a test network with the fake-mail-server
running in a VM and I am liaising with the SecVuln guys at the moment to
see if I can reproduce the test they say shows the vulnerability when
Exim is sending email.

Best wishes,

Harry

On 04/01/2022 19:33, Andrew C Aitchison wrote:
> On Tue, 4 Jan 2022, Harry Mills via Exim-dev wrote:
>
>> Hi Jeremy,
>>
>> Thanks for the swift reply. Here is the (anonymised) output of the
>> test tool for reference. It looks like exim 4.94.2 (CentOS 8) is not
>> vulnerable:
>>
>> python3 ./command-injection-tester --smtp <MAILSERVER>
>
> As I understand https://nostarttls.secvuln.info/
> command-injection-tester only tests for bugs when exim is receiving
> email;
> to test for the *response* injection bugs in CVE-2021-38371, when exim
> is sending email, you need to use
>    https://github.com/Email-Analysis-Toolkit/fake-mail-server
> which looks more involved to me.
>

-- 
Harry Mills                                         Tel: 01749 812100
Managing Director                                   Mob: 07815 848818
Opendium Ltd.                                       www.opendium.com