<!--X-Body-Begin-->
<!--X-User-Header-->
oss-sec
mailing list archives
<!--X-User-Header-End-->
<!--X-TopPNI-->
By Date
By Thread
</form>
<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
Re: Sv: [exim] CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges
<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->
From: Heiko Schlittermann <hs () nodmarc schlittermann de>
Date: Sat, 7 Sep 2019 08:23:33 +0200
<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->
<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
Phil Pennock <pdp () exim org> (Sa 07 Sep 2019 02:52:56 CEST):
The connect ACL won't protect you against STARTTLS usage, which is far
more common for email than TLS-on-connect.
I myself use the HELO ACL.
This doesn't seem to be sufficient, you can start "submitting" a message to
a remote Exim with the following sequence
connect
<-- 250
EHLO …
<-- 250
STARTTLS
<-- 220
MAIL
<-- 250
The client is free to skip the 2nd EHLO/HELO. Tested with OpenSSL
s_client -servername 'foobar\' -starttls smtp -connect …
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --------------- key ID: F69376CE -
! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -
Attachment:
signature.asc
Description:
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->
By Date
By Thread
Current thread:
CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges. Heiko Schlittermann (Sep 04)
Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges. Heiko Schlittermann (Sep 04)
Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges. Heiko Schlittermann (Sep 06)
Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges. Heiko Schlittermann (Sep 06)
Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges. Heiko Schlittermann (Sep 06)
Sv: [exim] CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges Sebastian Nielsen (Sep 06)
Re: Sv: [exim] CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges Phil Pennock (Sep 06)
Re: Sv: [exim] CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges Heiko Schlittermann (Sep 06)
Re: Sv: [exim] CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges Phil Pennock (Sep 09)
<Possible follow-ups>
Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges. Heiko Schlittermann (Sep 05)
Re: Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges. akuster (Sep 06)
Re: Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges. Sylvain Beucler (Sep 08)
<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->