
Exim vulnerabilities

Hi,

hope that Sophos knows about the new Exim vulnerabilities and will release a hotfix:

https://www.bleepingcomputer.com/news/security/critical-21nails-exim-bugs-expose-millions-of-servers-to-attacks/



  • Hi,

     Thank you for reaching out to the Sophos community team. Our dev team is investigating this under ID NC-72625.

    Regards,

    Vishal Ranpariya
    Technical Account Manager | Sophos Technical Support


  • Can we expect these security holes to be patched by hotfix, or would customers have to wait until the next SFOS update? Are there any steps to mitigate the vulnerabilities manually in the meantime, or at least ways to check whether the system has already been compromised?

    I would like to see a response from Sophos similar to the one for "Asnarök", as it seems that the impact is pretty serious and the exploits have been around for more than 2 months.
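    One thing a practitioner can do right away, in answer to the "how do I check" question above, is compare the running Exim build against the first release that carries the 21Nails fixes. The script below is an added example and is not from this thread, from Sophos, or from the Exim project; it assumes the fixed upstream release is 4.94.2 (the thread later writes it as "4.94-2") and that `exim -bV` is available on the host being checked. It parses the first line of that output and compares the version component by component, so that 4.100 is correctly treated as newer than 4.94 (a plain string comparison would get this wrong). Vendor builds such as SFOS, UTM or distribution packages often backport fixes without changing the upstream version string, so a "vulnerable" result means "confirm against the vendor advisory", not "confirmed exploitable".

```shell
#!/bin/sh
# Added example, not part of the original thread: classify an Exim build
# as patched or vulnerable relative to the 21Nails fix release.
# Assumption: upstream fixed release is 4.94.2.
# Usage on a host:  exim_patch_status "$(exim -bV 2>/dev/null | head -n 1)"

FIXED_VERSION="4.94.2"

# Turn "4.92", "4.94-2" or "4.94.2" into a dotted triple such as "4.94.2".
# The hyphen form is how the thread writes the fixed version.
normalize_version() {
    v=$(printf '%s' "$1" | tr '-' '.')
    case "$v" in
        *.*.*) printf '%s' "$v" ;;
        *.*)   printf '%s.0' "$v" ;;
        *)     printf '%s.0.0' "$v" ;;
    esac
}

# Pull the version out of a line like
# "Exim version 4.92 #3 built 12-May-2019 12:00:00" (constructed sample).
extract_exim_version() {
    printf '%s\n' "$1" | sed -n 's/^Exim version \([0-9][0-9.-]*\).*/\1/p'
}

# Return 0 when version $1 >= version $2, comparing each component numerically.
version_ge() {
    a=$(normalize_version "$1")
    b=$(normalize_version "$2")
    i=1
    while [ "$i" -le 3 ]; do
        ai=$(printf '%s' "$a" | cut -d. -f"$i")
        bi=$(printf '%s' "$b" | cut -d. -f"$i")
        if [ "$ai" -gt "$bi" ]; then return 0; fi
        if [ "$ai" -lt "$bi" ]; then return 1; fi
        i=$((i + 1))
    done
    return 0
}

# Print "patched", "vulnerable" or "unknown" for the first line of `exim -bV`.
# "vulnerable" only means the upstream version predates the fix; a vendor
# build with backported patches must be checked against the vendor advisory.
exim_patch_status() {
    ver=$(extract_exim_version "$1")
    if [ -z "$ver" ]; then
        echo "unknown"
        return 0
    fi
    if version_ge "$ver" "$FIXED_VERSION"; then
        echo "patched"
    else
        echo "vulnerable"
    fi
}
```

    The version comparison is done per component rather than on the whole string on purpose: with `sort`-style or lexical comparison, "4.100" sorts before "4.94", which would report a newer build as vulnerable.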

  • FormerMember, in reply to Samuel Heinrich:

    Hi,

    We'll update the following blog post as new information becomes available:

    Thanks,

  • JFYI: The Advisory was updated with the latest information.


  • thanks for bringing attention to this.

    Is XG or SG vulnerable to that if mail protection is off?

  • As stated by the advisory post: 

    Sophos Firewall customers not licensed for email protection, and those using legacy mode (transparent email proxy) for email, are not vulnerable.


  • Hi folks,

    The hotfix notification is appearing on the GUI console.

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA


  • Hi.

    Thank you for posting the advisory. But I think Sophos should especially address the SG UTM, as most of the customers using Sophos are on SG.

    We'd expect that an issue that could gain root access on the firewall would be addressed immediately.

    Exim is one thing. But would Sophos address other vulnerabilities on firewalls that could gain root access in time?

    There is no mitigation for SG. Disabling services like mail is not an option. And in other cases, shutting down the firewall completely?

    Regards,

    Thomas


    Sophos Gold Partner
    4TISO GmbH, Germany
  • This is a thread for Sophos XG Firewall. Sophos is working on fixes for both products. Sophos XG Firewall has a hotfix mechanism, which allows hotfixes to be deployed on the product without downtime etc. All customers with hotfixes enabled have already got the fix. UTM needs a completely new release, which presumably takes more time compared to a hotfix.

    As another workaround, Central Email offers a 100-mailbox free trial. It's easy to set up and could be implemented for the customer within minutes. Simply deploy the mailboxes in Central (AD Sync), deploy the MX (switch to Central) and redirect the mails to Central. Forward the mails to UTM and only open the mail protection of UTM to the Central delivery IPs.

  • Hello.

    I appreciate your answers in the forum. But regarding this issue I do not agree with your suggestions.

    1. Please don't get stuck on the word hotfix as used in SFOS. In SG UTM, and especially in Astaro times, it was possible to react to those cases fast, and a kind of hotfix was done with small new versions quickly, which had just some MB or KB download size (see Index of /UTM/v9/up2date/ (astaro.com)). So it should be possible.

    2. Changing a mail workflow to some kind of cloud is not possible or allowed for the customers. If it had been possible, the customers would potentially have done it already. So your Sophos Central workaround is not really helpful. When customers use on-premise, it is not good advice to give a workaround that would completely change the workflow. And keep in mind: we are talking about a patch in a small module which is minor (4.92 to 4.94-2).

    3. There are lots of premium support customers in our case. They don't get support and a fix in time. So Sophos should think about that.

    4. XG appliances for very small customers, e.g. the 105, don't get updates fast, and SFOS 17 has the feature of hotfixes. But this is not the customer for mail anyway.

    Regardless of this Exim bug, I'm more concerned about the support/fix handling in general. What if there is a bug in another module like VPN which allows RCE? Should the customer turn off VPN for its users for a week? Think of our current global concerns regarding Corona. Thousands of companies and users get advice from Sophos: sorry, please go to the office, we'll fix that issue in, let's say, 10 days?

    I would appreciate it if such kinds of bugs got addressed faster, not providing workarounds for thousands of companies when Sophos could roll out a small patch. Little cost for one company, and not for the customers that already paid for a security solution which should address these issues.

