Exim CVEs (21Nails)

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Exim CVEs (21Nails)

From:	Taylan Kammer
Subject:	Exim CVEs (21Nails)
Date:	Mon, 17 May 2021 12:10:26 +0200
User-agent:	Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.10.1

Hi Guix people,

Just wanted to make sure everyone's aware, since we package Exim:

https://blog.qualys.com/vulnerabilities-research/2021/05/04/21nails-multiple-vulnerabilities-in-exim-mail-server

"Last fall, the Qualys Research Team engaged in a thorough code audit of Exim
and discovered 21 unique vulnerabilities. Ten of these vulnerabilities can be
exploited remotely. Some of them leading to provide root privileges on the
remote system. And eleven can be exploited locally with most of them can be
exploited in either default configuration or in a very common configuration.
Some of the vulnerabilities can be chained together to obtain a full remote
unauthenticated code execution and gain root privileges on the Exim Server.
Most of the vulnerabilities discovered by the Qualys Research Team for e.g.
CVE-2020-28017 affects all versions of Exim going back all the way to 2004
(going back to the beginning of its Git history 17 years ago)."


-- 
Taylan

[Prev in Thread]

Current Thread

[Next in Thread]

Exim CVEs (21Nails), Taylan Kammer <=
- Re: Exim CVEs (21Nails), Leo Famulari, 2021/05/17
  - Re: Exim CVEs (21Nails), Taylan Kammer, 2021/05/17
    - Re: Exim CVEs (21Nails), Leo Famulari, 2021/05/17

Prev by Date: Re: Questions regarding Python packaging
Next by Date: Re: What’s next?
Previous by thread: Re: Questions regarding Python packaging
Next by thread: Re: Exim CVEs (21Nails)
Index(es):
- Date
- Thread