Re: [exim] [oss-security] Exim CVE-2019-16928 RCE using a h…

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MMHeiko Schlittermann at <-
MPeter Wullinger at ->
Delete this message
Reply to this message
Author: Heiko Schlittermann
Date:  
To: exim-users
Subject: Re: [exim] [oss-security] Exim CVE-2019-16928 RCE using a heap-based buffer overflow
Hi folks,

this message

Heiko Schlittermann via Exim-users <exim-users@???> (Mo 16 Mai 2022 18:21:30 CEST):
>    Hello there,
>    After you've rev-iewed all these documents, we can -easily talk abou-t
>    the following steps:
 

>    2019-09-28 Release 4.92.3, Release-Announcements to
>    exim-{announce,users,maintainers}, oss-security
> -- 
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/

wasn't sent by me. If I'm not mistaken, then there was nothing wrong
with he message (From: doesn't use *my* domain, Sender didn't use *my*
domain, they just abused my display name (not even sure about this,
nobody can tell if there isn't a duplicate of my natural name ;).)

Unfortunately mailman cuts away the addresses (to allow passing DMARC
checks on your end). 

    Authentication-Results: exim.org;
            iprev=pass (srv16-61.benzahosting.cl) smtp.remote-ip=131.72.236.61;
            spf=pass smtp.mailfrom=segurytech.cl;
            dkim=pass header.d=segurytech.cl header.s=default header.a=rsa-sha256;
            dmarc=none header.from=segurytech.cl; arc=none
    Received: from srv16-61.benzahosting.cl ([131.72.236.61]:56041)
            by hummus.exim.org with esmtps  (TLS1.3) tls TLS_AES_256_GCM_SHA384
            (Exim 4.94.2-31-g503e55a2c) (envelope-from <eul62igm@???>)
            id 1nqdUG-0005f4-3N
            for exim-users@???; Mon, 16 May 2022 16:22:26 +0000
    Received: from [204.138.26.219] (port=36586 helo=srv16.benzahosting.cl)
            by srv16.benzahosting.cl with esmtpsa  (TLS1.3) tls TLS_AES_128_GCM_SHA256
            (Exim 4.95) (envelope-from <eul62igm@???>)
            id 1nqdTV-00EfP2-6f for exim-users@???;
            Mon, 16 May 2022 12:21:36 -0400
    Date: Mon, 16 May 2022 08:21:30 -0800
    X-Priority: 3 (Normal)
    To: exim-users@???
    Message-ID: <5quvqrbobunhvyiplqb5x6nms4oxftmp@???>


So Exim on Hummus didn't have any chance to detect the fake.
We we need to re-think which of our mailing lists will be closed.

BTW, message from me are GPG signed. Always. And if not, then please do
not trust the message. 

    Best regards from Dresden/Germany
    Viele Grüße aus Dresden
    Heiko Schlittermann
--
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: F69376CE -

This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] Exim 4.96-RC1 releasedRe: [exim] [oss-security] Exim CVE-2019-16928 RCE using a heap-based buffer overflow->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)