Help us enhance your Sophos Community experience. Share your thoughts in our Sophos Community survey.

Thread Info
  • State Suggested Answer
  • +9 person also asked this people also asked this
  • Locked Locked
  • Replies 14 replies
  • Answers 2 answers
  • Subscribers 22 subscribers
  • Views 6095 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Info urgent EXIM vulnerability

JoergRiether

Hi forum,

any intel or comment from Sophos regarding this?  https://www.zerodayinitiative.com/advisories/ZDI-23-1469/

Is SG affected? 

Thanks

Joerg



This thread was automatically locked due to age.
Parents
  • 0

    Hello,

    Thank you for contacting the Sophos Community.

    We have reached out internally about this, and once we hear back, we’ll update the post.

    Regards,

     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
  • 0 in reply to emmosophos

    There is already another post here:

     Exim Schwachstelle 

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • +1 in reply to PhilippRusch

    Hello Team,

    Recently some vulnerabilities for exim have been reported. Vulnerabilities reported are:

    CVE-2023-42114, CVE-2023-42115, CVE-2023-42116, CVE-2023-42117, CVE-2023-42118, CVE-2023-42219.

    Please find more information about Sophos products being vulnerable:

    CVE-2023-42114: SFOS + UTM are not vulnerable because the SPA (NTLM) authentication method required to exploit is not used 

     CVE-2023-42115: SFOS + UTM are not vulnerable  because the EXTERNAL authentication method required to exploit is not used 

     CVE-2023-42116: SFOS + UTM are not vulnerable  because the SPA (NTLM) authentication method required to exploit is not used 

     CVE-2023-42117: SFOS + UTM are not vulnerable because the proxy-protocol support required to exploit is not used 

    UTM and SFOS are both affected by the libspf2 vulnerability (CVE-2023-42118). Customers using Email Security and have turned on Sender Policy Framework (SPF) are vulnerable to this.

    CVE-2023-42219: Under investigation. There's not enough info from exim yet to determine if we're vulnerable, but it's a CVSS 3.1 so lower severity compared to the others. 

    Workaround:

    Disable SPF using the following steps

    For UTM: 

          Turn off SPF in all SMTP profiles under "Email Protection >> SMTP >> Antispam >> Perform SPF check" and 

          "Email Protection >> SMTP Profiles >> [edit profile] >> BATV/RDNS/HELO/SPF/Greylisting >> Perform SPF check" when in profiles mode.

     

    An UTM MR will be released to patch this vulnerability, date is TBD 

    Regards,

    Raphael Alganes
    Community Support Engineer | Sophos Technical Support
    Sophos Support Videos Product Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.

  • 0 in reply to Raphael Alganes

    Thanks, highly appreciated.

    Best,

    Joerg

Reply Children
No Data
Unfiltered HTML