
EXIM RCE CVE-2019-15846 URGENT

Hi, this seems to be urgent to me as this is remotely exploitable. Any update from Sophos for UTM regarding this? Thanks, Joerg

 

https://seclists.org/oss-sec/2019/q3/192

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15846

https://www.heise.de/security/meldung/Mailserver-Exim-CERT-Bund-kuendigt-Update-fuer-kritische-Schwachstelle-an-4514414.html

 



This thread was automatically locked due to age.
  • First of all, I agree with most of what is being said, but we have to be a little bit careful with the definition of what we are talking about here. Of course, a naked unpatched EXIM is highly vulnerable. With UTM, it may be the case that you do not speak directly with the EXIM, but with a specific reverse middleware created by Sophos, or, if you want to call it that, a "normalizer" or proxy, which you would talk to first, and this normalizer would then speak to EXIM. In this respect, it may be possible that this normalizer prevents exactly this exploit because it may strip trailing backslashes. But this just needs to be confirmed 100% by Sophos. Furthermore, I heard or read about another method using a crafted certificate to trigger the vulnerability.
