On Sun, 01 Oct 2023 19:50:43 +0000, Slavko via Exim-users wrote: > Dňa 1. októbra 2023 17:49:26 UTC používateľ Rainer Dorsch via Exim-users > <exim-users@lists.exim.org> napísal: >>I stopped the exim4 service on servers with port 25 accessible from the >>internet > > Please why? > > + do you use AUTH (NTLM/EXTERNAL) on port 25?
This was only officially confirmed today (which is very unfortunate), https://www.zerodayinitiative.com/advisories/ZDI-23-1469/ just had "(0Day) Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability" When I looked at it yesterday I eventually found enough information that suggested it's only exploitable with "AUTH EXTERNAL", so wasn't worried after I found that. But until then I was actually quite worried as well. Christof -- https://cmeerw.org sip:cmeerw at cmeerw.org mailto:cmeerw at cmeerw.org xmpp:cmeerw at cmeerw.org -- ## subscription configuration (requires account): ## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/ ## unsubscribe (doesn't require an account): ## exim-users-unsubscr...@lists.exim.org ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
