Re: [bitfolk] 21 critical Exim security issues need addressi…

Author: Andy Smith
Date:  
To: users
Subject: Re: [bitfolk] 21 critical Exim security issues need addressing

gpg: Signature made Fri May 21 15:47:23 2021 UTC
gpg: using DSA key 0E4236CB52951E14536066222099B64CBF15490B
gpg: Good signature from "Andy Smith <andy@strugglers.net>" [unknown]
gpg: aka "Andrew James Smith <andy@strugglers.net>" [unknown]
gpg: aka "Andy Smith (UKUUG) <andy.smith@ukuug.org>" [unknown]
gpg: aka "Andy Smith (BitFolk Ltd.) <andy@bitfolk.com>" [unknown]
gpg: aka "Andy Smith (Linux User Groups UK) <andy@lug.org.uk>" [unknown]
gpg: aka "Andy Smith (Cernio Technology Cooperative) <andy.smith@cernio.com>" [unknown]
Hello,

On Fri, May 07, 2021 at 01:48:44AM +0000, Andy Smith wrote:
> TL;DR: There's 21 serious security vulnerabilities recently
> published for the Exim mail server, 10 of which are remotely
> triggerable.


ShadowServer are sending reports about this now:

    https://www.shadowserver.org/news/21nails-reporting-on-vulnerable-smtp-exim-servers/


The one I received today listed 40 BitFolk customers that are
allegedly susceptible to remote root compromise.

Unfortunately all ShadowServer are doing is checking the version
string in the SMTP banner, and Debian didn't change this from "4.92"
when they backported the fixes, so I have no way to tell if those
reports are valid.

As such, I'm not going to pass any of them on. But you should know
that if you haven't fixed this, people are now scanning for banner
strings at least and compiling lists of possibly exploitable hosts.

Cheers,
Andy

--
https://bitfolk.com/ -- No-nonsense VPS hosting
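
The false-positive problem described in this message, shown as an added example that is not part of the original post: a banner-only check flags both a patched and an unpatched host, while comparing the installed package version (Debian ordering rules) tells them apart. The banner text, hostname, package revisions and both "fixed" versions are constructed placeholders, and `triage` and its helpers are hypothetical names.

```python
import re
from itertools import zip_longest

def _order(c):
    """dpkg ordering: '~' < end of string < letters < other characters."""
    if c in ("~", ""):
        return -1 if c == "~" else 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    """Compare two upstream or revision strings as alternating text/digit runs."""
    pat = r"(\D*)(\d*)"
    for (ta, na), (tb, nb) in zip_longest(re.findall(pat, a), re.findall(pat, b),
                                          fillvalue=("", "")):
        for ca, cb in zip_longest(ta, tb, fillvalue=""):
            if _order(ca) != _order(cb):
                return -1 if _order(ca) < _order(cb) else 1
        if int(na or 0) != int(nb or 0):
            return -1 if int(na or 0) < int(nb or 0) else 1
    return 0

def deb_cmp(a, b):
    """Return -1, 0 or 1 for Debian versions of the form [epoch:]upstream[-revision]."""
    def split(v):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        up, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "")
        return int(epoch), up, rev
    (ea, ua, ra), (eb, ub, rb) = split(a), split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def banner_version(banner):
    """Extract the upstream version a banner scanner sees, or None."""
    m = re.search(r"\bExim (\d+(?:\.\d+)+)", banner)
    return m.group(1) if m else None

def triage(banner, pkg_version, fixed_upstream, fixed_pkg):
    """Return (flagged_by_banner_scan, patched_per_package_version)."""
    seen = banner_version(banner)
    flagged = seen is not None and deb_cmp(seen, fixed_upstream) < 0
    return flagged, deb_cmp(pkg_version, fixed_pkg) >= 0

# Constructed placeholders, not real fixed versions; take those from the advisories.
BANNER = "220 mail.example.org ESMTP Exim 4.92 Fri, 21 May 2021 15:00:00 +0000"
FIXED_UPSTREAM, FIXED_PKG = "4.92.999", "4.92-1+example2"

if __name__ == "__main__":
    for pkg in ("4.92-1+example1", "4.92-1+example2"):  # constructed
        print(pkg, triage(BANNER, pkg, FIXED_UPSTREAM, FIXED_PKG))
```

Both sample hosts come back flagged by the banner check, but only the first is unpatched according to its package version, which is why a banner-derived report needs confirming on the host itself.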