This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

What about CVE-2018-6789

Hi folks,

 

any news about new CVE-2018-6789?

Is there a patch release on the air for UTM?

In 9.508 version seems not present.

The alert is reported also in nakedsecurity

 

Cheers

Max.



This thread was automatically locked due to age.
Parents
  • Ciao Max,

    Interesting, but I wonder if the stripped-down, hardened version of Exim in use in the UTM has this exposure.  Since it deals with base64d, I would think that the Proxy would have to use that before it could do antivirus or antispam.   Still, I think any exploit would be limited to Exim because the Proxy is chroot'd.

    Let's hope a Sophos person sees this and gets a comment from their specialist.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • Ciao Max,

    Interesting, but I wonder if the stripped-down, hardened version of Exim in use in the UTM has this exposure.  Since it deals with base64d, I would think that the Proxy would have to use that before it could do antivirus or antispam.   Still, I think any exploit would be limited to Exim because the Proxy is chroot'd.

    Let's hope a Sophos person sees this and gets a comment from their specialist.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data