On Sat, Sep 30, 2023 at 08:36:02AM +0100, Andrew C Aitchison via mailop wrote: > On Sat, 30 Sep 2023, Jay R. Ashworth via mailop wrote: > > I haven't even heard exim *mentioned* in like 20 years; these stats can't be > > right, can they? > > > > https://www.bleepingcomputer.com/news/security/millions-of-exim-mail-servers-exposed-to-zero-day-rce-attacks/ > > https://arstechnica.com/security/2023/09/critical-vulnerabilities-in-exim-threaten-over-250k-email-servers-worldwide/?comments=1 > > gives a more plausible stat.
The question is how many of those exim servers are actually vulnerable. My understanding (after looking a bit into these issues, but not having any inside knowledge) is that it heavily depends on your configuration and only a tiny percentage of servers will be affected (this includes CVE-2023-42115). Christof -- https://cmeerw.org sip:cmeerw at cmeerw.org mailto:cmeerw at cmeerw.org xmpp:cmeerw at cmeerw.org _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop