Autor: Jeremy Harris Datum: To: exim-users Betreff: Re: [exim] CVE-2021-38371 (was: CVE-2022-37452)
On 15/03/2023 20:00, Andrew C Aitchison via Exim-users wrote:
> > When exim acting as a mail client wishes to send a message,
> a Meddler-in-the-Middle (MitM) may respond to the STARTTLS command
> by also sending a response to the *next* command, which exim will
> erroneously treat as a trusted response.
Sigh. Nobody has *ever* shown any way that could have been exploited.--
Cheers,
Jeremy