Hi forum,
any intel or comment from Sophos regarding this? https://www.zerodayinitiative.com/advisories/ZDI-23-1469/
Is SG affected?
Thanks
Joerg
Hello,
Thank you for contacting the Sophos Community.
We have reached out internally about this, and once we hear back, we’ll update the post.
Regards,
There is already another post here:
With kind regards, best regards from Germany,
Philipp Rusch
New Vision GmbH, Germany
Sophos Silver-Partner
Hi,
some updates from the exim maintainers https://seclists.org/oss-sec/2023/q3/254
"Fixes are available in a protected repository and are ready to be applied by the distribution maintainers ..."
bye Josef
BERGMANN engineering & consulting GmbH, Wien/Austria
Hello Team,
Recently some vulnerabilities for exim have been reported. Vulnerabilities reported are:
CVE-2023-42114, CVE-2023-42115, CVE-2023-42116, CVE-2023-42117, CVE-2023-42118, CVE-2023-42219.
Please find more information about Sophos products being vulnerable:
CVE-2023-42114: SFOS + UTM are not vulnerable because the SPA (NTLM) authentication method required to exploit is not used
CVE-2023-42115: SFOS + UTM are not vulnerable because the EXTERNAL authentication method required to exploit is not used
CVE-2023-42116: SFOS + UTM are not vulnerable because the SPA (NTLM) authentication method required to exploit is not used
CVE-2023-42117: SFOS + UTM are not vulnerable because the proxy-protocol support required to exploit is not used
UTM and SFOS are both affected by the libspf2 vulnerability (CVE-2023-42118). Customers using Email Security who have turned on Sender Policy Framework (SPF) are vulnerable to this.
CVE-2023-42219: Under investigation. There's not enough info from exim yet to determine if we're vulnerable, but it has a CVSS score of 3.1, so it is lower severity compared to the others.
Workaround:
Disable SPF using the following steps
For UTM:
Turn off SPF in all SMTP profiles under "Email Protection >> SMTP >> Antispam >> Perform SPF check" and
"Email Protection >> SMTP Profiles >> [edit profile] >> BATV/RDNS/HELO/SPF/Greylisting >> Perform SPF check" when in profiles mode.
A UTM MR will be released to patch this vulnerability; the date is TBD.
Regards,
Raphael Alganes
Community Support Engineer | Sophos Technical Support
Thanks, highly appreciated.
Best,
Joerg
Unfortunately there aren't enough details from Exim on CVE-2023-42119 yet to determine whether the UTM is vulnerable. We're still looking for more details from Exim.
Reading CVE-2023-42119 though, it is an information disclosure (read beyond end of buffer) vulnerability and has a CVSS score of 3.1. My understanding is that by itself it doesn't result in arbitrary code execution; RCE is only possible when combined with another vulnerability.
We'll continue to work to determine if UTM is vulnerable as more information from Exim becomes available.
Hi,
It seems the hotfix has been deployed?
Can you confirm that the hotfix affects the exim vulnerability?
DEBUG 2023-10-04 14:31:12Z [2862]: --pkg_sysupdate_version = 3
DEBUG 2023-10-04 14:36:53Z [4426]: --pkg_sysupdate_version = 3
DEBUG 2023-10-04 14:38:39Z [6723]: --pkg_sysupdate_version = 4
DEBUG 2023-10-04 15:01:10Z [14394]: --pkg_sysupdate_version = 4
DEBUG 2023-10-04 15:06:54Z [15946]: --pkg_sysupdate_version = 4
BR Gerd