At what time will sophos release a fix for this issue ?
because using a exim mail proxy with a root Remote exploitation ins't a good idea at all.
see here:
This thread was automatically locked due to age.
At what time will sophos release a fix for this issue ?
because using a exim mail proxy with a root Remote exploitation ins't a good idea at all.
see here:
Guys, I don't know that this particular vulnerability has been addressed, but the developers are far more likely to make the adjustment in the code they have rather than risk substituting a newer version that they have not vetted. If you have a paid license, you can ask Support if this vulnerability exists in the current code. Please share the result here.
Cheers - Bob
Guys, it seems that (at least with XG) enabling recipient verification seems to cure it (see https://community.sophos.com/kb/en-us/134199). Can ANYONE at Sophos please report back if this is also valid for UTM? Further more, why is there an kb for xg but not for utm? BTW UTM 9.603-1 is running EXIM 4.82. This COULD implicate, that UTM is not vulnerable at all ;-) But then again, someone at Sophos should clarify.
Guys, it seems that (at least with XG) enabling recipient verification seems to cure it (see https://community.sophos.com/kb/en-us/134199). Can ANYONE at Sophos please report back if this is also valid for UTM? Further more, why is there an kb for xg but not for utm? BTW UTM 9.603-1 is running EXIM 4.82. This COULD implicate, that UTM is not vulnerable at all ;-) But then again, someone at Sophos should clarify.