This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Root exploitation issue Exim-Mailserver

At what time will sophos release a fix for this issue ?

because using a exim mail proxy with a root Remote exploitation ins't a good idea at all.

 

see here:

www.openwall.com/.../4



This thread was automatically locked due to age.
Parents
  • Thanks for sharing. So far I don't see any update on the Sophos Kb. Looks like Exim needs to be updated at least to v.4.87.

    CVE-2019-10149 RCE vulnerability in Exim 4.87 to 4.91.

  • Guys, I don't know that this particular vulnerability has been addressed, but the developers are far more likely to make the adjustment in the code they have rather than risk substituting a newer version that they have not vetted.  If you have a paid license, you can ask Support if this vulnerability exists in the current code.  Please share the result here.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • Guys, I don't know that this particular vulnerability has been addressed, but the developers are far more likely to make the adjustment in the code they have rather than risk substituting a newer version that they have not vetted.  If you have a paid license, you can ask Support if this vulnerability exists in the current code.  Please share the result here.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children