On 2023-10-06 Slavko via Exim-users <exim-users@???> wrote:
[...]
> hmm, i still cannot get how "network adjacent" is related to root
> privileges. But my head never was good for attacks...
Hello,
Afaiui the attack will require special DNS packets that would not be
sent out by a real recursive resolver. i.e. the attacker needs to change
these packets directly by being in between the resolver and the machine
hosting exim.
[...]
> BTW, Heiko, i see that discussion with ZDI "continue" on oss-security.
> Please, can you from time to time post summary here?
Until now the discussion there sadly only explains why 3 out of 6
possible issues are still unresolved or not really understood. The
person (?) sending mails from ZDI does not answer any questions but
sends out unrelated canned responses. :-(
cu Andreas
--
## subscription configuration (requires account):
##
https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at
http://www.exim.org/
## Please use the Wiki with this list -
http://wiki.exim.org/
