[exim] Re: Mitigation statement for CVE-2023-42119

Inizio della pagina
Delete this message
Reply to this message
Autore: Kurt Jaeger
Data:  
To: Johnnie W Adams
CC: exim-users
Oggetto: [exim] Re: Mitigation statement for CVE-2023-42119
Hi!

>      What I take from this mitigation statement--Use a trustworthy DNS
> resolver which is able to validate the data according to the DNS record
> types--is that if our DNS service is solid, we are not vulnerable. Is this
> accurate, or am I oversimplifying things? The mitigation statement from ZDI
> was much more ominous, but I'm still parsing "network-adjacent attackers".


As far as I know, there was not enough info in the ZDI report to
really have a reproducible test case. So we're all a little bit
in the dark.

See

https://lists.isc.org/pipermail/bind-users/2023-October/107997.html

and follow-ups for a few comments on the topic for bind.

-- 
pi@???            +49 171 3101372                    Now what ?


--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/