ZDI (Zero Day Initiative) has published information about three vulnerabilities found in the Exim mail server that allow arbitrary code to be executed with the privileges of the server process that listens on port 25. No authentication on the server is required to carry out the attack.
- CVE-2023-42116: caused by copying data from the user into a fixed-size buffer without checking the required size.
- CVE-2023-42117: also caused by a lack of validation of input data on port 25 of the SMTP service.
The vulnerabilities are marked as 0-day, which indicates that they have not been fixed, although according to ZDI the Exim developers were notified of their existence long ago. A fix may be included in version 4.97 of the server, but this is not certain.
As protection against these vulnerabilities, it is currently recommended to restrict access to SMTP on port 25.
UPD. It seems things are not that bad. These vulnerabilities are local in nature. They do not work if the server does not use NTLM and EXTERNAL authentication, is not closed behind a proxy, does not use potentially dangerous DNS servers, and does not use spf in acl.
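The conditions listed in the update can be checked against a server's configuration. The following is an added example, not code from the original article or from the Exim project: it scans Exim configuration text for the features named above, assuming the standard Exim option names (`driver = spa` for Exim's NTLM authenticator, `driver = external`, `hosts_proxy`, and the `spf` ACL condition); the function names and the sample configuration are constructed for illustration.

```python
import re

# Features named in the update, mapped to the (assumed standard) Exim config lines enabling them.
CHECKS = {
    "NTLM (spa) authenticator": re.compile(r"^driver\s*=\s*spa\b"),
    "EXTERNAL authenticator": re.compile(r"^driver\s*=\s*external\b"),
    "proxy protocol (hosts_proxy)": re.compile(r"^hosts_proxy\s*="),
    "SPF condition in ACL": re.compile(r"(?:^|\s)!?spf(?:_guess)?\s*="),
}

def logical_lines(text):
    """Yield (first_line_no, line): comments dropped, '\\' continuations joined."""
    buf, start = "", 0
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if not buf:
            start = n
        if line.endswith("\\"):
            buf += line[:-1].rstrip() + " "
            continue
        yield start, buf + line
        buf = ""

def exposed_features(config_text):
    findings = {}  # feature name -> line numbers where it is enabled
    for n, line in logical_lines(config_text):
        for name, pattern in CHECKS.items():
            if pattern.search(line):
                findings.setdefault(name, []).append(n)
    return findings

# Constructed sample configuration, not taken from a real server.
SAMPLE = """\
hosts_proxy = 192.0.2.10
begin acl
acl_check_mail:
  deny message = SPF check failed
       spf = fail
begin authenticators
#   driver = spa
ext_cert:
  driver = \\
    external
"""

if __name__ == "__main__":
    for feature, lines in exposed_features(SAMPLE).items():
        print(f"{feature}: line(s) {lines}")
```

An empty result means none of the listed configuration features was found; whether the DNS resolvers the server uses are trustworthy cannot be read from the configuration and has to be checked separately.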
Source: linux.org.ru
