Hi,

Shodan [1] reports loads of vulnerable [2] servers running pre-4.92 versions of Exim; those include Debian Exim variants reporting 4.89 .... even for fully patched servers.

$ telnet mail.example.org 25
Trying ip_add_re_ss...
Connected to mail.example.org.
Escape character is '^]'.
220 mail.example.org ESMTP Exim 4.89 Thu, 20 Jun 2019 22:46:55 +1000
QUIT
221 mail.example.org closing connection
Connection closed by foreign host.

# dpkg-query -l|grep \ exim|awk '{print $2,$3}'|column -t
exim4               4.89-2+deb9u4
exim4-base          4.89-2+deb9u4
exim4-config        4.89-2+deb9u4
exim4-daemon-heavy  4.89-2+deb9u4
exim4-doc-html      4.89-1

Is there a way to provide a version of "4.92" easily, or some other text, to stop the likelihood of outsiders trying to pound on and exploit the server? Even though they won't be able to do so successfully due to up-to-date patch status.

[1] This Shodan query needs a login:
https://www.shodan.io/search?query=product%3Aexim+-4.92

[2] https://www.bleepingcomputer.com/news/security/millions-of-exim-mail-servers-exposed-to-local-remote-attacks/

-- 
Kind Regards
AndrewM

Andrew McGlashan
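
For anyone triaging scan results like those described in the message above, this added example (not part of the original post) shows why the greeting alone misreports patch status: it compares the upstream version in the SMTP banner with the installed Debian package revision using dpkg's ordering rules. The baseline revision is an assumption taken from the post's statement that 4.89-2+deb9u4 is fully patched, and all function names are illustrative.

```python
import re
from itertools import zip_longest

# Constructed sample input mirroring the telnet session in the post.
BANNER = "220 mail.example.org ESMTP Exim 4.89 Thu, 20 Jun 2019 22:46:55 +1000"
# Assumption: the revision the post describes as fully patched is the baseline.
PATCHED_BASELINE = "4.89-2+deb9u4"

def _order(ch):
    # dpkg order: '~' sorts first, then end of part, then letters, then other characters
    if ch in ("~", ""):
        return -1 if ch == "~" else 0
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    """Compare one upstream or revision string the way dpkg does."""
    while a or b:
        na, nb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        a, b = a[len(na):], b[len(nb):]
        for ca, cb in zip_longest(na, nb, fillvalue=""):
            if _order(ca) != _order(cb):
                return -1 if _order(ca) < _order(cb) else 1
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        a, b = a[len(da):], b[len(db):]
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
    return 0

def deb_cmp(v1, v2):
    """Compare two Debian version strings; returns -1, 0 or 1."""
    (e1, u1, r1), (e2, u2, r2) = (
        re.fullmatch(r"(?:(\d+):)?(.+?)(?:-([^-]*))?", v).groups() for v in (v1, v2))
    e1, e2 = int(e1 or 0), int(e2 or 0)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    return _cmp_part(u1, u2) or _cmp_part(r1 or "", r2 or "")

def banner_version(banner):
    """Extract the upstream version an Exim greeting advertises, if any."""
    m = re.search(r"\bExim (\d+(?:\.\d+)+)", banner)
    return m.group(1) if m else None

def triage(banner, installed, baseline, fixed_upstream="4.92"):
    """Return (flagged_by_banner, patched_by_package) for one host."""
    shown = banner_version(banner)
    flagged = shown is not None and deb_cmp(shown, fixed_upstream) < 0
    return flagged, deb_cmp(installed, baseline) >= 0

if __name__ == "__main__":
    print(triage(BANNER, "4.89-2+deb9u4", PATCHED_BASELINE))
```

A result of (True, True) is the case from the post: a banner-based scan flags the host, while the package revision shows the backported fix is installed.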