Re: [exim] CVE-2021-38371 (was: CVE-2022-37452)

Pàgina inicial
Delete this message
Reply to this message
Autor: Jeremy Harris
Data:  
A: exim-users
Assumpte: Re: [exim] CVE-2021-38371 (was: CVE-2022-37452)
On 15/03/2023 20:00, Andrew C Aitchison via Exim-users wrote:

> > When exim acting as a mail client wishes to send a message,
> a Meddler-in-the-Middle (MitM) may respond to the STARTTLS command
> by also sending a response to the *next* command, which exim will
> erroneously treat as a trusted response.


Sigh. Nobody has *ever* shown any way that could have been exploited.--
Cheers,
Jeremy