[exim] Re: Mitigation statement for CVE-2023-42119

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Ian Z via Exim-users
Date:  
À: exim-users
Sujet: [exim] Re: Mitigation statement for CVE-2023-42119
On Wed, Oct 04, 2023 at 10:45:25AM +0200, Slavko via Exim-users wrote:

> > responses--however, if that recursive resolver is on a different
> > machine than exim itself, which probably is a common setup, then
> > an attacker with access to the same local network can just send
> > exim faked DNS responses ahead of the recursive resolver to
> > exploit the vulnerability.


> Please, do you want to tell, that having resolver on localhost
> prevents to exploit this?


Presumably not only localhost, but also different addresses of
interfaces on the same host.

--
Ian

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/