Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 5 replies
  • Subscribers 7 subscribers
  • Views 1084 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Confirmation for Compliancy

rost_opengi

Hello,

We have PCI compliancy organisation requesting information/documentation on whether Sophos UTM is vulnerable to a range of CVE's based on detecting version of the Exim component. Some of the CVE's information as asked already, however we haven't been able to find anything formal in the KBs or community forum related to the following 3:

  1. CVE-2016-1531 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1531
  2. CVE-2014-2957 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2957
  3. CVE-2017-1000369 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000369

Could we receive kindly confirmation/advise on how others dealt with such requests?



This thread was automatically locked due to age.
Parents
  • 0

    Exim was updated to the latest version with the latest UTM Version. Therefore those CVE are not applied, as all of them applied to older versions. 

    You can also create a support case for confirmation. 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    Thank you for you response but I can't agree completely, Latest Exim version is 4.94.2. UTM on the latest firmware 9.705-3 has Exim 4.82.1

    I have done support request and received confirmation already, however PCI compliancy organisation doesn't find it sufficient, hence me looking out for other community members experiences in similar situations and getting CVEs of interest confirmed in publicly accessible space due to lack of KB articles so I can provide link as justification for the above organisation.

Reply
  • 0 in reply to LuCar Toni

    Thank you for you response but I can't agree completely, Latest Exim version is 4.94.2. UTM on the latest firmware 9.705-3 has Exim 4.82.1

    I have done support request and received confirmation already, however PCI compliancy organisation doesn't find it sufficient, hence me looking out for other community members experiences in similar situations and getting CVEs of interest confirmed in publicly accessible space due to lack of KB articles so I can provide link as justification for the above organisation.

Children
Unfiltered HTML