A fix for the vulnerability, as well as a detailed description of it, will be published shortly. In order to prevent attacks using CVE-2019-15846, it is recommended that you upgrade Exim to version 4.92.2 or later.
An exploited user or an attacker who is on the same network as the vulnerable device can exploit the vulnerability. It can also be operated remotely if the server is connected to the Internet.
“Reported as CVE-2019-15846, this security vulnerability only affects Exim servers that accept TLS connections, potentially allowing attackers to access the system at the root level,” sending an SNI ending in a backslash sequence during the initial TLS handshake”, – inform Exim developers.
According to one of Exim developers, Heiko Schlitterman, he and his colleagues became aware of the vulnerability on September 3. The next day, the newsletter subscribers received a notification about the upcoming patch, which will be in the nearest future.
“So far, a full-fledged working exploit for the vulnerability does not exist. However, there is already a primitive PoC exploit, and administrators are strongly advised to install the update as soon as possible”, — said Heiko Schlitterman.
The patch is the largest update since the release of Exim 4.92.1, issued in July this year.
The update also fixed a critical vulnerability (CVE-2019-13917), which allowed remote code execution with superuser rights and non-standard configuration settings.
Just three months ago, Exim also fixed a serious remote command execution vulnerability, tracked as CVE-2019-10149, which was actively used in the wild by various hacker groups to crack vulnerable servers.
Exim is a widely used, open source mail transfer agent (MTA) software developed for Unix-like operating systems such as Linux, Mac OSX or Solaris, which runs almost 60% of the internet’s email servers today for routing, delivering and receiving email messages.
About News-xbuhoxu.store News-xbuhoxu.store pop-ups can not open out of nowhere. If you have actually clicked…
About News-xbadeyo.today News-xbadeyo.today pop-ups can not introduce out of nowhere. If you have clicked on…
About News-bbutohu.info News-bbutohu.info pop-ups can not open out of nowhere. If you have actually clicked…
About News-bbucoxe.today News-bbucoxe.today pop-ups can not launch out of the blue. If you have clicked…
About News-xdetake.cc News-xdetake.cc pop-ups can not expose out of nowhere. If you have clicked on…
About News-bbufiya.today News-bbufiya.today pop-ups can not expose out of nowhere. If you have clicked some…