[prev in list] [next in list] [prev in thread] [next in thread]
List: exim-users
Subject: Re: [exim] CVE-2021-38371 (was: CVE-2022-37452)
From: Jeremy Harris via Exim-users <exim-users () exim ! org>
Date: 2023-03-15 21:22:17
Message-ID: dc32b730-0f64-6da4-11e2-8795a478978a () wizmail ! org
[Download RAW message or body]
On 15/03/2023 20:00, Andrew C Aitchison via Exim-users wrote:
> > When exim acting as a mail client wishes to send a message,
> a Meddler-in-the-Middle (MitM) may respond to the STARTTLS command
> by also sending a response to the *next* command, which exim will
> erroneously treat as a trusted response.
Sigh. Nobody has *ever* shown any way that could have been exploited.--
Cheers,
Jeremy
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic