Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Friday, 6 September 2019

VU#672565: Exim servers that accept TLS connections are vulnerable to local and remote program execution with root privileges

Exim is an open source mail server, or message transfer agent (MTA), that is used on Unix-like operating systems. Versions up to and including 4.92.1 of Exim incorrectly handle certain decoding operations during the initial TLS handshake. A local or remote attacker could execute other programs with root privileges. Exim servers that accept TLS connections are vulnerable. This vulnerability is independent of the TLS library, so Exim servers that use either GnuTLS or OpenSSL are affected. The affected versions for the current vulnerability, CVE-2019-15846, are up to and including 4.92.1.


Author: US Cert

Categories: CertUS

