Hi,
i could not find anything here at the forums or the offical sophos page.
https://bugs.exim.org/show_bug.cgi?id=2571
Best regards
Stephan
This thread was automatically locked due to age.
Hi,
i could not find anything here at the forums or the offical sophos page.
https://bugs.exim.org/show_bug.cgi?id=2571
Best regards
Stephan
Hallo Stephan & Florian,
It will be quicker to open a case with Sophos Support. Since the CVE was only assigned 4 weeks ago, I would be surprised if a fix already had been applied.
I any case, I can't imagine this could present a problem unless you've configured the SMTP Proxy to do 'Authenticated Relay', a feature I recommend against using (Basic Exchange setup with SMTP Proxy).
Cheers - Bob
The developers normally apply patches instead of going to the effort of integrating a new version.
Cheers - Bob
It might be, that someone is already trying and using it to attack UTMs.
Look at this post thread:
Alexander Poettinger
Sophos Certified Architect - XG
Sophos Certified Technician - XG
Sophos Certified Engineer - UTM
xame gmbh
Sophos Gold Partner
Interesting, Alexander. He IS using Authenticated Relay. I'd forgotten about this vulnerability. You might mention this thread on his thread.
Cheers - Bob
Interesting, Alexander. He IS using Authenticated Relay. I'd forgotten about this vulnerability. You might mention this thread on his thread.
Cheers - Bob