oss-sec mailing list archives
Re: Sv: [exim] CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges
From: Phil Pennock <pdp () exim org>
Date: Mon, 9 Sep 2019 14:50:52 -0400
On 2019-09-07 at 08:23 +0200, Heiko Schlittermann wrote:
Phil Pennock <pdp () exim org> (Sa 07 Sep 2019 02:52:56 CEST):The connect ACL won't protect you against STARTTLS usage, which is far more common for email than TLS-on-connect. I myself use the HELO ACL.This doesn't seem to be sufficient, you can start "submitting" a message to a remote Exim with the following sequence
Yeah sorry folks, that was a little embarrassing: my setup, and various common configurations (including apparently RedHat's) enforce EHLO-after-STARTTLS. But that's Exim configuration, not hard-enforced in the code. "Be lenient in what you accept" ... bah humbug. Exim's default configuration has included this check, at RCPT time (which still works for our purposes) since commit 731c6a9043 in 2016, included in releases 4.87 onwards. So I use the HELO ACL and it's safe in "many" configurations, but we have to be more cautious in recommending mitigating workarounds. -Phil
Current thread:
- CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges. Heiko Schlittermann (Sep 04)
- Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges. Heiko Schlittermann (Sep 04)
- Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges. Heiko Schlittermann (Sep 06)
- Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges. Heiko Schlittermann (Sep 06)
- Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges. Heiko Schlittermann (Sep 06)
- Sv: [exim] CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges Sebastian Nielsen (Sep 06)
- Re: Sv: [exim] CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges Phil Pennock (Sep 06)
- Re: Sv: [exim] CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges Heiko Schlittermann (Sep 06)
- Re: Sv: [exim] CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges Phil Pennock (Sep 09)
- Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges. Heiko Schlittermann (Sep 06)
- <Possible follow-ups>
- Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges. Heiko Schlittermann (Sep 05)