Hi,
hope that Sophos knows about the new Exim vulnerabilities and will release a hotfix:
Hi Tomas Beran,
Thank you for reaching out to the Sophos community team. Our dev team is investigating this under ID NC-72625.
Regards,
Vishal Ranpariya
Technical Account Manager | Sophos Technical Support
Can we expect these security holes to be patched by hotfix, or would customers have to wait until the next SFOS update? Are there any steps to mitigate the vulnerabilities manually in the meantime, or at least ways to check if the system is already compromised?
I would like to see a response similar to "Asnarök" from Sophos, as it seems that the impact is pretty serious and the exploits have been around for more than 2 months.
Hi Samuel Heinrich,
We'll update the following blog post as new information becomes available:
Thanks,
JFYI: The Advisory was updated with the latest information.
__________________________________________________________________________________________________________________
As stated by the advisory post:
Sophos Firewall customers not licensed for email protection, and those using legacy mode (transparent email proxy) for email, are not vulnerable.
__________________________________________________________________________________________________________________
Hi .
Thank you for posting the Advisory. But I think Sophos should especially address the SG UTM, as most of the customers using Sophos are on SG.
We'd expect that an issue that could gain root access on the firewall would be addressed immediately.
Exim is one thing. But would Sophos address other vulnerabilities on firewalls that could gain root access in time?
There is no mitigation for SG. Disabling services like mail is not an option. And in other cases, shutting down the firewall completely?
Regards,
Thomas
This is a thread for Sophos XG Firewall. Sophos is working on fixes for both products. Sophos XG Firewall has a hotfix mechanism, which allows hotfixes to be deployed on the product without downtime etc. All customers with hotfixes enabled have already got the fix. UTM needs a complete new release, which I assume takes more time compared to a hotfix.
As another workaround, Central Email offers a 100-mailbox free trial. It's easy to set up and could be implemented for the customer within minutes. Simply deploy the mailboxes in Central (AD Sync), deploy the MX (switch to Central) and redirect the mails to Central. Forward the mails to UTM and only open the Mail protection of UTM to Central delivery IPs.
__________________________________________________________________________________________________________________