Dňa 3. októbra 2023 15:48:01 UTC používateľ Johnnie W Adams via Exim-users <exim-users@???> napísal:
>Hi, folks,
>
> What I take from this mitigation statement--Use a trustworthy DNS
>resolver which is able to validate the data according to the DNS record
>types--is that if our DNS service is solid, we are not vulnerable. Is this
>accurate, or am I oversimplifying things? The mitigation statement from ZDI
>was much more ominous, but I'm still parsing "network-adjacent attackers".
You may be interested to read independent review of highest issue:
https://labs.watchtowr.com/exim-0days-90s-vulns-in-90s-software/
As confirmed by Jeremy, it is realistic... And now one can do own
conclusion about ZDI marking it 0day and assign it score 9,8.
The questions which comes into my mind: How reliable is ZDI then in
other issues categorization/scoring? What is ZDI trying to achieve?
I will not answe them, as i can only guess, but i will not consider ZDI
as trustworthy source of security issues.
regards
--
Slavko
https://www.slavino.sk/
--
## subscription configuration (requires account):
##
https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at
http://www.exim.org/
## Please use the Wiki with this list -
http://wiki.exim.org/