Peppermint OS

General => General Discussion => Topic started by: VinDSL on June 15, 2019, 06:00:20 pm

Title: For those of us maintaining mail servers
Post by: VinDSL on June 15, 2019, 06:00:20 pm
A Vulnerability in Exim Could Allow for Remote Command Execution (https://www.cisecurity.org/advisory/a-vulnerability-in-exim-could-allow-for-remote-command-execution_2019-061/)

Yes, REMOTE COMMAND EXECUTION, e.g. execute Linux commands remotely as root (not simply remote code execution).

If you've updated Exim in the past week, you're probably okay.

Otherwise, read n' heed  ;)

Title: Re: For those of us maintaining mail servers
Post by: PCNetSpec on June 16, 2019, 04:54:01 am
As long as Postfix is safe I'm happy.

Title: Re: For those of us maintaining mail servers
Post by: VinDSL on June 16, 2019, 08:44:00 am
Remember when everything was done with sendmail?   ;D

They accidentally discovered the Exim vuln during a recent Exim update. Then, the idiots posted the full attack vector online. Doh!

Long story short: it takes a week for Exim to time out a bounce (default settings). The bounce timer gets reset every 5 minutes, so the perps are resending it every 4 minutes (to play it safe) for 7 days. When Exim eventually times out the bounce, a week later, Exim marks it as undeliverable, and navigates to whatever link is crafted in the body of the message. This allows system commands to be initiated on the mail server with root auth.

Nice, eh what?