10 June 2019 @ 11:20 pm
"Alarm!!! A hole in EXIM!"
Colleagues, attention!

If your Exim is NOT updated to version 4.92, update IMMEDIATELY!

CVE-2019-10149.

Several million servers around the world are potentially vulnerable, and the vulnerability is critical (CVSS 3.0 base score = 9.8/10).

Active infection is under way right now!

More details here:
https://habr.com/ru/post/455598/

iamnewborn on June 10th, 2019 09:13 pm (UTC)
Is the vulnerability exploited when a message is received from outside, or in other ways?
I.e., if my SMTP/IMAP is closed off from the internet, can I sleep soundly?

Хвостат Хвостатыч (hvostat_hvostat) on June 10th, 2019 09:41 pm (UTC)
I quote:

CVE-2019-10149 is a remote command execution vulnerability introduced in Exim version 4.87 which was released on April 6, 2016. In default configurations, a local attacker is capable of exploiting this vulnerability to execute commands as the “root” user “instantly” by sending mail to a specially crafted mail address on localhost that will be interpreted by the expand_string function within the deliver_message() function. Remote exploitation under the default configuration is possible, but considered to be unreliable, as an attacker would need to maintain connection to a vulnerable server for 7 days.

In certain non-default configurations, remote exploitation is possible. For instance, if the requirement for ‘verify = recipient’ ACL was removed from the default configuration file (src/configure.default), uncommenting out the ‘local_part_suffix = +* : -*’ under the userforward router in the default configuration, or if Exim was “configured to relay mail to a remote domain, as a secondary MX (Mail eXchange).”
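
A triage check built from the version range and the two configuration conditions named in the post and the quoted text above. This is an added example, not part of the original post or comments and not Exim project code; the function names, the sample banner and the sample configuration are constructed for illustration.

```python
import re

# Range from the post and the quoted text: introduced in 4.87, fixed in 4.92.
FIRST_AFFECTED, FIRST_FIXED = (4, 87), (4, 92)

def parse_version(banner):
    """Extract (major, minor) from `exim -bV` output."""
    m = re.search(r"Exim version (\d+)\.(\d+)", banner)
    if not m:
        raise ValueError("no Exim version in banner")
    return int(m.group(1)), int(m.group(2))

def version_affected(banner):
    return FIRST_AFFECTED <= parse_version(banner) < FIRST_FIXED

def active_lines(config_text):
    """Configuration lines with blank lines and '#' comment lines dropped."""
    stripped = (line.strip() for line in config_text.splitlines())
    return [l for l in stripped if l and not l.startswith("#")]

def risky_settings(config_text):
    """Flag two of the non-default conditions named in the quoted text.
    The secondary-MX relay case is not detected here."""
    lines = active_lines(config_text)
    findings = []
    if not any(re.search(r"\bverify\s*=\s*recipient\b", l) for l in lines):
        findings.append("recipient verification missing from ACLs")
    if any(re.match(r"local_part_suffix\s*=\s*\+\*\s*:\s*-\*", l) for l in lines):
        findings.append("local_part_suffix = +* : -* enabled")
    return findings

# Constructed sample inputs, not taken from a real host.
SAMPLE_BANNER = "Exim version 4.91 #2 built 01-Jan-2019 00:00:00"
SAMPLE_CONFIG = """\
acl_check_rcpt:
  accept hosts = :
  # require verify = recipient
userforward:
  driver = redirect
  local_part_suffix = +* : -*
"""

if __name__ == "__main__":
    print("version in affected range:", version_affected(SAMPLE_BANNER))
    for finding in risky_settings(SAMPLE_CONFIG):
        print("remote-exposure condition:", finding)
```

Distribution packages can carry the fix under an older version number, so a version match is a prompt to check the vendor's advisory rather than proof that the host is unpatched.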