Re: Sv: [exim] CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges

                							

                <!--X-Body-Begin-->
<!--X-User-Header-->

oss-sec
mailing list archives
<!--X-User-Header-End-->
<!--X-TopPNI-->

By Date

By Thread

</form>

<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
Re: Sv: [exim] CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges

<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->

From: Heiko Schlittermann &lt;hs () nodmarc schlittermann de&gt;

Date: Sat, 7 Sep 2019 08:23:33 +0200

<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->

<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
Phil Pennock &lt;pdp () exim org&gt; (Sa 07 Sep 2019 02:52:56 CEST):
The connect ACL won't protect you against STARTTLS usage, which is far
more common for email than TLS-on-connect.

I myself use the HELO ACL.

This doesn't seem to be sufficient, you can start "submitting" a message to
a remote Exim with the following sequence

    connect
        &lt;-- 250
    EHLO …
        &lt;-- 250
    STARTTLS
        &lt;-- 220
    MAIL
        &lt;-- 250

The client is free to skip the 2nd EHLO/HELO. Tested with OpenSSL
s_client -servername 'foobar\' -starttls smtp -connect …

    Best regards from Dresden/Germany
    Viele Grüße aus Dresden
    Heiko Schlittermann
--
 SCHLITTERMANN.de ---------------------------- internet &amp; unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: F69376CE -
 ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -
Attachment:
signature.asc
Description: 

<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->

<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->

By Date

By Thread

Current thread:

CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges. Heiko Schlittermann (Sep 04)

Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges. Heiko Schlittermann (Sep 04)

Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges. Heiko Schlittermann (Sep 06)

Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges. Heiko Schlittermann (Sep 06)

Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges. Heiko Schlittermann (Sep 06)
Sv: [exim] CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges Sebastian Nielsen (Sep 06)
Re: Sv: [exim] CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges Phil Pennock (Sep 06)
Re: Sv: [exim] CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges Heiko Schlittermann (Sep 06)
Re: Sv: [exim] CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges Phil Pennock (Sep 09)

&lt;Possible follow-ups&gt;
Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges. Heiko Schlittermann (Sep 05)

Re: Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges. akuster (Sep 06)

Re: Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges. Sylvain Beucler (Sep 08)

 

<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->