Re: [exim] CVE-2021-38371 (was: CVE-2022-37452)

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
M\Andrew C Aitchison at <-
MMHeiko Schlittermann at ->
Delete this message
Reply to this message
Author: Jeremy Harris
Date:  
To: exim-users
Subject: Re: [exim] CVE-2021-38371 (was: CVE-2022-37452)
On 15/03/2023 20:00, Andrew C Aitchison via Exim-users wrote:

> > When exim acting as a mail client wishes to send a message,
> a Meddler-in-the-Middle (MitM) may respond to the STARTTLS command
> by also sending a response to the *next* command, which exim will
> erroneously treat as a trusted response.

Sigh. Nobody has *ever* shown any way that could have been exploited.--
Cheers,
Jeremy


This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] CVE-2021-38371 (was: CVE-2022-37452)Re: [exim] CVE-2021-38371 (was: CVE-2022-37452)->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)