On Thu, 5 Oct 2023 23:15:37 +0200 Heiko Schlittermann via Exim-announce wrote:
> Dear Users,
>
> probably *you* didn't miss it (but we failed to send the announcement
> here¹): we published a security release exim-4.96.1 with the fixes we
> have so far. More fixes will follow, as an other security
On Thu, 5 Oct 2023 23:15:37 +0200 Heiko Schlittermann via Exim-announce wrote:
> Dear Users,
>
> probably *you* didn't miss it (but we failed to send the announcement
> here¹): we published a security release exim-4.96.1 with the fixes we
> have so far. More fixes will follow, as an other security
On Thu, 5 Oct 2023 23:15:37 +0200 Heiko Schlittermann via Exim-announce wrote:
> Dear Users,
>
> probably *you* didn't miss it (but we failed to send the announcement
> here¹): we published a security release exim-4.96.1 with the fixes we
> have so far. More fixes will follow, as an other security
Frank Elsner (Fr 06 Okt 2023 09:13:30 CEST):
> On Thu, 5 Oct 2023 23:15:37 +0200 Heiko Schlittermann via Exim-announce wrote:
> > Dear Users,
> >
> > probably *you* didn't miss it (but we failed to send the announcement
> > here¹): we published a security release exim-4.96.1 with the fixes we
> >
On 2023-10-04, Mario Emmenlauer via Exim-users
wrote:
> On 04.10.23 16:34, Chris Siebenmann wrote:
>>> Now I would like to configure this server as a smarthost, so it will
>>> forward emails from my desktop computers (without static IP or DNS).
>>> Also, I'd like to have unique mailnames for each
On 2023-10-04, Slavko via Exim-users wrote:
> Dňa 4. 10. o 8:45 Florian Zumbiehl via Exim-users napísal(a):
>
>> responses--however, if that recursive resolver is on a different machine
>> than exim itself, which probably is a common setup, then an attacker with
>> access to the same local network
Dňa 6. októbra 2023 2:22:10 UTC používateľ Jasen Betts via Exim-users
napísal:
>> Please, do you want to tell, that having resolver on localhost prevents
>> to exploit this?
>
>It does not prevent the exploit, but to execute the exploit you'd need
>root permissions, which kind of makes it moot,
On 2023-10-06 Slavko via Exim-users wrote:
[...]
> hmm, i still cannot get how "network adjacent" is related to root
> privileges. But my head never was good for attacks...
Hello,
Afaiui the attack will require special DNS packets that would not be
sent out by a real recursive resolver. i.e. the
Dňa 6. októbra 2023 16:24:27 UTC používateľ Andreas Metzler via Exim-users
napísal:
>On 2023-10-06 Slavko via Exim-users wrote:
>[...]
>> hmm, i still cannot get how "network adjacent" is related to root
>> privileges. But my head never was good for attacks...
>
>Hello,
>Afaiui the attack will r
On Fri, Oct 06, 2023 at 06:24:27PM +0200, Andreas Metzler via Exim-users wrote:
> The person (?) sending mails from ZDI does not answer any questions but
> sends out unrelated canned responses. :-(
That's how it seems to me too -- thanks for helping me regain some
self-confidence :-P
Does anyone
Hi!
> Does anyone know who ZDI *is* ? What does the abbreviation stand for?
ZDI stands for zero-day-initiative.
https://www.zerodayinitiative.com/about/
https://nitter.net/thezdi
--
p...@opsec.eu+49 171 3101372Now what ?
--
## subscription configuration (requi
Hi,
Andreas Metzler via Exim-users (Fr 06 Okt 2023
18:24:27 CEST):
> Hello,
> Afaiui the attack will require special DNS packets that would not be
> sent out by a real recursive resolver. i.e. the attacker needs to change
> these packets directly by being in between the resolver and the machine
Dear Exim users,
we released another release candidate: exim-4.97-RC2.
This RC contains the available security fixes. More will follow.
Here is a short excerpt of the Git log:
* 7b3b8d119 - (tag: exim-4.97-RC2, origin/master) Testsuite: retire perl
smartmatch use (24 hours ago) Bernard Quaterma
13 matches
Mail list logo
