Exim Multiple Vulnerabilities
RISK: High Risk
TYPE: Security software and application - Security Software & Appliance
Multiple vulnerabilities were identified in Exim. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution and sensitive information disclosure on the targeted system.
[Updated on 2023-10-03]
For CVE-2023-42117, CVE-2023-42118, and CVE-2023-42119, fix is not yet available.
Exim has released the mitigation for these vulnerabilities.
CVE-2023-42117: Do not use Exim behind an untrusted proxy-protocol proxy.
CVE-2023-42118: Do not use the 'spf' condition in your ACL.
CVE-2023-42119: Use a trustworthy DNS resolver which is able to validate the data according to the DNS record types.
Impact
- Remote Code Execution
- Information Disclosure
System / Technologies affected
- Exim versions prior to 04107e98d, 4.96.1, 4.97
Solutions
Before installation of the software, please visit the vendor web-site for more details.
- Update to version 04107e98d, 4.96.1, 4.97
Vulnerability Identifier
Source
Related Link
- https://www.exim.org/static/doc/security/CVE-2023-zdi.txt
- https://www.zerodayinitiative.com/advisories/ZDI-23-1468/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1469/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1470/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1471/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1472/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1473/
沒有留言:
發佈留言