moin moin,
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6789
----
An issue was discovered in the base64d function in the SMTP listener in
Exim before 4.90.1. By sending a handcrafted message, a buffer overflow
may happen. This can be used to execute code remotely.
----
Exim might be your default mail daemon (MTA) and might be installed due to
package dependencies. Default should have it only listening to localhost,
so this issue would not be exploitable unless the attacker is already on
your machine.
You can see if you even have a mail daemon running by checking to see if
you have something listening on port 25.
----
$ ss -tln | grep :25
LISTEN 0 20 127.0.0.1:25 0.0.0.0:*
LISTEN 0 20 [::1]:25 [::]:*
$
----
Those are only listening on localhost ( and not exim ), so wouldn't be
exploitable even if this box was directly connected to the Internet.
If you have 0.0.0.0 or a non-localhost IP while running exim make sure
you've updated recently.
check for exim on debian-based systems:
dpkg -l | grep exim
check for exim on rpm-based systems:
rpm -qa | grep exim
ciao,
der.hans
--
#
https://www.LuftHans.com https://www.PhxLinux.org
# Nobody grows old merely by living a number of years.
# We grow old by deserting our ideals.
# Years may wrinkle the skin, but to give up enthusiasm
# wrinkles the soul. -- Samuel Ullman
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
https://lists.phxlinux.org/mailman/listinfo/plug-discuss
(text/plain)