Re: [exim] [oss-security] Exim CVE-2019-16928 RCE using a h…

Páxina inicial
Esta mensaxe é parte do seguinte fío:
MÁrbore completa do fío ordenada por data
MMHeiko Schlittermann o <-
MPeter Wullinger o ->
Borrar esta mensaxe
Responder a esta mensaxe
Autor: Heiko Schlittermann
Data:  
Para: exim-users
Asunto: Re: [exim] [oss-security] Exim CVE-2019-16928 RCE using a heap-based buffer overflow
Hi folks,

this message

Heiko Schlittermann via Exim-users <exim-users@???> (Mo 16 Mai 2022 18:21:30 CEST):
>    Hello there,
>    After you've rev-iewed all these documents, we can -easily talk abou-t
>    the following steps:
 

>    2019-09-28 Release 4.92.3, Release-Announcements to
>    exim-{announce,users,maintainers}, oss-security
> -- 
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/

wasn't sent by me. If I'm not mistaken, then there was nothing wrong
with he message (From: doesn't use *my* domain, Sender didn't use *my*
domain, they just abused my display name (not even sure about this,
nobody can tell if there isn't a duplicate of my natural name ;).)

Unfortunately mailman cuts away the addresses (to allow passing DMARC
checks on your end). 

    Authentication-Results: exim.org;
            iprev=pass (srv16-61.benzahosting.cl) smtp.remote-ip=131.72.236.61;
            spf=pass smtp.mailfrom=segurytech.cl;
            dkim=pass header.d=segurytech.cl header.s=default header.a=rsa-sha256;
            dmarc=none header.from=segurytech.cl; arc=none
    Received: from srv16-61.benzahosting.cl ([131.72.236.61]:56041)
            by hummus.exim.org with esmtps  (TLS1.3) tls TLS_AES_256_GCM_SHA384
            (Exim 4.94.2-31-g503e55a2c) (envelope-from <eul62igm@???>)
            id 1nqdUG-0005f4-3N
            for exim-users@???; Mon, 16 May 2022 16:22:26 +0000
    Received: from [204.138.26.219] (port=36586 helo=srv16.benzahosting.cl)
            by srv16.benzahosting.cl with esmtpsa  (TLS1.3) tls TLS_AES_128_GCM_SHA256
            (Exim 4.95) (envelope-from <eul62igm@???>)
            id 1nqdTV-00EfP2-6f for exim-users@???;
            Mon, 16 May 2022 12:21:36 -0400
    Date: Mon, 16 May 2022 08:21:30 -0800
    X-Priority: 3 (Normal)
    To: exim-users@???
    Message-ID: <5quvqrbobunhvyiplqb5x6nms4oxftmp@???>


So Exim on Hummus didn't have any chance to detect the fake.
We we need to re-think which of our mailing lists will be closed.

BTW, message from me are GPG signed. Always. And if not, then please do
not trust the message. 

    Best regards from Dresden/Germany
    Viele Grüße aus Dresden
    Heiko Schlittermann
--
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: F69376CE -

Esta mensaxe foi enviada ás seguintes listas:
Exim-users
Información da lista | Mensaxes recentes		<-Re: [exim] Exim 4.96-RC1 releasedRe: [exim] [oss-security] Exim CVE-2019-16928 RCE using a heap-based buffer overflow->
Tahini and Hummus and Cumin Development Archives administrado por cumin AdminsLurker (versión 2.3)