Choose style:

Author Topic: For those of us maintaining mail servers  (Read 174 times)

0 Members and 1 Guest are viewing this topic.

Offline VinDSL

  • Global Moderator
  • Hero
  • *****
  • Posts: 5262
  • Karma: 942
  • Peppermint Mod
    • View Profile
  • Peppermint version(s): Developmental Builds
For those of us maintaining mail servers
« on: June 15, 2019, 09:00:20 pm »
A Vulnerability in Exim Could Allow for Remote Command Execution

Yes, REMOTE COMMAND EXECUTION, e.g. execute Linux commands remotely as root (not simply remote code execution).

If you've updated Exim in the past week, you're probably okay.

Otherwise, read n' heed  ;)


Offline PCNetSpec

  • Administrator
  • Hero
  • *****
  • Posts: 25497
  • Karma: 2807
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
  • Peppermint version(s): Peppermint 8R, 9, and 9R
Re: For those of us maintaining mail servers
« Reply #1 on: June 16, 2019, 07:54:01 am »
As long as postfix is safe I'm happy.
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec

Offline VinDSL

  • Global Moderator
  • Hero
  • *****
  • Posts: 5262
  • Karma: 942
  • Peppermint Mod
    • View Profile
  • Peppermint version(s): Developmental Builds
Re: For those of us maintaining mail servers
« Reply #2 on: June 16, 2019, 11:44:00 am »
Remember when everything was done with sendmail?   ;D

They accidentally discovered the exim vuln during a recent exim update. Then, the idiots posted the full attack vector online. Doh!

Long story short: it takes a week for exim to time-out a bounce (default settings). The bounce timer gets reset every 5 minutes, so the perps are resending it every 4 minutes (to play it safe) for 7 days. When exim eventually times-out the bounce, a week later, exim marks it as undeliverable, and navigates to whatever link is crafted in the body of the message. This allows system commands to be initiated on the mail server with root auth.

Nice, eh what?