oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Sv: [exim] CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges

From: Heiko Schlittermann <hs () nodmarc schlittermann de>
Date: Sat, 7 Sep 2019 08:23:33 +0200
Phil Pennock <pdp () exim org> (Sa 07 Sep 2019 02:52:56 CEST):

The connect ACL won't protect you against STARTTLS usage, which is far
more common for email than TLS-on-connect.

I myself use the HELO ACL.


This doesn't seem to be sufficient, you can start "submitting" a message to
a remote Exim with the following sequence

    connect
        <-- 250
    EHLO …
        <-- 250
    STARTTLS
        <-- 220
    MAIL
        <-- 250

The client is free to skip the 2nd EHLO/HELO. Tested with OpenSSL
s_client -servername 'foobar\' -starttls smtp -connect …

    Best regards from Dresden/Germany
    Viele Grüße aus Dresden
    Heiko Schlittermann
--
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: F69376CE -
 ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -

Attachment: signature.asc
Description:

Previous By Date Next
Previous By Thread Next

Current thread: