Critical TLS flaw opens Exim servers to remote compromise
1 min read
Sep 10, 2019
A ‘critical’ security vulnerability has been discovered in the Exim mail server that requires admins’ urgent attention. Learn more about the flaw and how to protect your servers:
Affecting all versions from 4.80 up to and including 4.92.1, Exim’s maintainers have offereda general descriptionof the flaw (CVE-2019-15846) discovered in July 2019 by a researcher identified as ‘Zerons’.
Subsequently confirmed by engineers working for Qualys, the flaw is a buffer overflow in the part of the TLS negotiation connected to Server Name Indication (SNI). SNI is a way web hosts present the certificates for multiple HTTPS-secured TLS servers sitting behind the same IP address so that incoming connections are directed to the correct one.
The link for this article located at Naked Security is no longer available.
Related Articles
1 - 0 min read
8220 Hacker Group Targets Cloud Systems To Mine Crypto
1 - 0 min read
Hacked VMs Reveal New Attack Risks
1 - 0 min read
Millions Of GitHub Repositories Infected With Malicious Code
1 - 0 min read
New GhostRace Attack Impacts Major CPU, Software Vendors
