This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Exim vulnerabilities

Tomas Beran over 2 years ago

Hi,

hope that Sophos knows about the new Exim vulnerabilities and wil release hotfix:

https://www.bleepingcomputer.com/news/security/critical-21nails-exim-bugs-expose-millions-of-servers-to-attacks/

This thread was automatically locked due to age.

Top Replies

FormerMember over 2 years ago in reply to Samuel Heinrich +2 suggested

Hi Samuel Heinrich , We'll update the following blog post as the new information becomes available: Advisory: Multiple Vulnerabilities (AKA 21Nails) in Exim Thanks,

0 Vishal_R over 2 years ago

Hi Tomas Beran,

Thank you for reaching out to the Sophos community team. Our dev team is investigating this under ID NC-72625.

Regards,

Vishal Ranpariya
Technical Account Manager | Sophos Technical Support
Sophos Support Videos | Knowledge Base | @SophosSupport | Sign up for SMS Alerts |
If a post solves your question use the 'This helped me' link.
Cancel
Vote Up 0 Vote Down

Cancel
0 Tomas Beran over 2 years ago in reply to Vishal_R

Thanks for information Vishal.
Cancel
Vote Up +1 Vote Down

Cancel
0 Samuel Heinrich over 2 years ago in reply to Vishal_R

can we expect that these security holes to are patched by hotfix or would customers have to wait until the next SFOS update? are there any steps to mitigate the vulnerabilities in the meantime manually or at least ways to check if the system is already compromised?

I would like to see a response similar to "Asnarök" from sophos. As it seems that the impact is pretty serious and the exploits are around for more than 2 months
Cancel
Vote Up 0 Vote Down

Cancel
0 FormerMember over 2 years ago in reply to Samuel Heinrich
Hi Samuel Heinrich,

We'll update the following blog post as the new information becomes available:

Advisory: Multiple Vulnerabilities (AKA 21Nails) in Exim

Thanks,
Cancel
Vote Up +2 Vote Down

Cancel
0 LuCar Toni over 2 years ago in reply to FormerMember

JFYI: The Advisory was updated with the latest information.

__________________________________________________________________________________________________________________
Cancel
Vote Up +1 Vote Down

Cancel
0 LHerzog over 2 years ago in reply to LuCar Toni

thanks for bringing attention to this.

is XG or SG vulnerable against that if mail protection is off?
Cancel
Vote Up 0 Vote Down

Cancel
0 LuCar Toni over 2 years ago in reply to LHerzog

As stated by the advisory post:

Sophos Firewall customers not licensed for email protection, and those using legacy mode (transparent email proxy) for email, are not vulnerable.

__________________________________________________________________________________________________________________
Cancel
Vote Up +1 Vote Down

Cancel
0 rfcat_vk over 2 years ago in reply to LuCar Toni

Hi folks,

hot fix notification is appearing on GUI console.

Ian

XG115W - v20 GA - Home

XG on VM 8 - v20 GA

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up +1 Vote Down

Cancel
0 ThomW over 2 years ago in reply to FormerMember

Hi .

Thank you for posting Advisory. But I think Sophos should especially address the SG UTM as most of the customers using Sophos are on SG.

We'd expect that an issue that could gain root access on the firewall would be addressed immediatly.

Exim is one thing. But would Sophos address other vulnerabilties on firewalls that could gain root access in time?

There is no mitigation for SG. Disabling services like mail is not an option. And in other cases shutting down the firewall completly?

Regards,

Thomas

Sophos Gold Partner

4TISO GmbH, Germany

If a post solves your question click the 'Verify Answer' link.
Cancel
Vote Up 0 Vote Down

Cancel
0 LuCar Toni over 2 years ago in reply to ThomW

This is a Thread for Sophos XG Firewall. Sophos is working on both fixes on both products. Sophos XG Firewall has a hotfix mechanism, which allows to deploy hotfixes on the product without downtime etc. All customers with enabled Hotfixes already got the fix. UTM needs a complete new release, which assuming takes more time compared to a hotfix.

As another workaround, Central Email offers a 100 mailbox free trial. Its easy to setup and could be implemented for the customer within minutes. Simply deploy the mailboxes in Central (AD Sync), deploy the MX (switch to Central) and redirect the mails to Central. Forward the mails to UTM and only open the Mail protection of UTM to Central delivery IPs.

__________________________________________________________________________________________________________________
Cancel
Vote Up +1 Vote Down

Cancel