Patched Exim - patch again. Fresh Remote Command Execution in Exim 4.92 in a single request

Not long ago, at the start of summer, there were urgent calls to update Exim to version 4.92 because of the CVE-2019-10149 vulnerability (Urgently update Exim to 4.92 - there is an active infection / Sudo Null IT News). And recently it turned out that the Sustes malware had decided to take advantage of this vulnerability.

Now everyone who updated promptly can "rejoice" again: on July 21, 2019, the researcher Zerons discovered a critical vulnerability in the Exim Mail Transfer Agent (MTA) when TLS is used, affecting versions 4.80 through 4.92.1 inclusive and allowing remote code execution with privileged rights (CVE-2019-15846).

The vulnerability

The vulnerability is present with both the GnuTLS and the OpenSSL library when a secure TLS connection is established.

According to the developer Heiko Schlittermann, the default configuration file in Exim does not use TLS, but many distributions create the necessary certificates during installation and enable the secure connection. Newer versions of Exim also set the option tls_advertise_hosts=* and generate the necessary certificates:

"depends on the configuration. Most distros enable it by default, but Exim needs a certificate + key to work as a TLS server. Probably distros create a certificate during setup. Newer Exims have the option tls_advertise_hosts defaulting to "*" and create a self-signed certificate, if none exists."

The vulnerability itself lies in the incorrect handling of SNI (Server Name Indication, a mechanism introduced in 2003 in RFC 3546 that lets a client request the correct certificate for a domain name; see Adoption of the TLS SNI standard / WEBO Group Blog / Sudo Null IT News) during the TLS handshake. The attacker only needs to send an SNI that ends with a backslash ("\") followed by a null character ("\0").

Researchers from Qualys found a bug in the string_printing(tls_in.sni) function, which escapes "\" incorrectly. As a result, the backslash is written unescaped into the spool header file. This file is later read with privileged rights by the spool_read_header() function, which leads to a heap overflow.

It is worth noting that the Exim developers have already built a PoC for the vulnerability that executes commands on a remote vulnerable server, but it has not been made public yet. Given how simple the bug is to exploit, it is only a matter of time, and not much of it.

A more detailed analysis by Qualys can be found here.


Figure: Using SNI in TLS

Number of potentially vulnerable public servers

According to statistics from the large hosting provider E-Soft Inc, as of September 1 version 4.92 is running on more than 70% of the surveyed hosts.

Version    Number of servers    Share
4.92.1     6471                 1.28%
4.92       376436               74.22%
4.91       58179                11.47%
4.9        5732                 1.13%
4.89       10700                2.11%
4.87       14177                2.80%
4.84       9937                 1.96%
Other      25568                5.04%

Figure: E-Soft Inc statistics

If you use the Shodan search engine, then of the 5,250,000 servers in its database:

  • about 3,500,000 run Exim 4.92 (about 1,380,000 of them with SSL/TLS);
  • more than 74,000 run 4.92.1 (about 25,000 of them with SSL/TLS).

Thus the number of publicly known and reachable potentially vulnerable Exim servers is about 1.5M.


Figure: Searching for Exim servers in Shodan

Protection

  • The simplest, but not recommended, option is to stop using TLS, which means mail is sent in clear text.
  • To avoid exploitation of the vulnerability it is better to update to Exim Internet Mailer version 4.92.2.
  • If updating or installing a patched version is not possible, you can add an ACL to the Exim configuration for the acl_smtp_mail option with the following rules (the condition denies when the last character of $tls_in_sni or $tls_in_peerdn is a backslash):
    # to be prepended to your mail acl (the ACL referenced
    # by the acl_smtp_mail main config option)
    deny    condition = ${if eq{\\}{${substr{-1}{1}{$tls_in_sni}}}}
    deny    condition = ${if eq{\\}{${substr{-1}{1}{$tls_in_peerdn}}}}
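To make the ACL's logic concrete, here is an added Python model of the two deny conditions (example code written for this page, not Exim's own); the Exim expansion semantics of ${substr{-1}{1}{...}} are reproduced, and the sample SNI and peer DN values are constructed.

```python
"""Model of the acl_smtp_mail mitigation for CVE-2019-15846 (added example, not Exim code).

The advisory's two rules deny the MAIL command when the final character of
$tls_in_sni or $tls_in_peerdn is a backslash:
    deny condition = ${if eq{\\}{${substr{-1}{1}{$tls_in_sni}}}}
    deny condition = ${if eq{\\}{${substr{-1}{1}{$tls_in_peerdn}}}}
The trailing NUL of the malicious SNI terminates the C string inside Exim, so
the last character Exim can observe is the backslash itself; that is why the
rule looks only at the last character and not at the NUL.
"""


def exim_substr_last(value: str) -> str:
    """Equivalent of ${substr{-1}{1}{value}}: the final character, '' for an empty value."""
    return value[-1:] if value else ""


def acl_smtp_mail_verdict(tls_in_sni: str, tls_in_peerdn: str) -> str:
    """Return 'deny' if either TLS variable ends in a backslash, else 'accept'."""
    for field in (tls_in_sni, tls_in_peerdn):
        if exim_substr_last(field) == "\\":
            return "deny"
    return "accept"


# Constructed sample values (not captured traffic): (tls_in_sni, tls_in_peerdn).
SAMPLES = {
    "plain_tls_no_client_cert": ("mail.example.test", ""),
    "no_sni_at_all": ("", ""),
    "backslash_in_middle": ("mail\\example.test", ""),
    "trailing_backslash_sni": ("mail.example.test\\", ""),
    "trailing_backslash_peerdn": ("mail.example.test", "CN=client\\"),
}


def denied_samples() -> list[str]:
    """Names of the constructed samples the ACL would reject."""
    return [name for name, (sni, dn) in SAMPLES.items()
            if acl_smtp_mail_verdict(sni, dn) == "deny"]


if __name__ == "__main__":
    for name, (sni, dn) in SAMPLES.items():
        print(f"{name:28s} -> {acl_smtp_mail_verdict(sni, dn)}")
```

A backslash anywhere other than the last position is accepted, exactly as with the Exim rule, since the bug described above needs the backslash at the very end of the value.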

Source: www.hab.com
