A ‘critical’ security vulnerability has been discovered in the Exim mail server that requires admins’ urgent attention. Learn more about the flaw and how to protect your servers:
Affecting all versions from 4.80 up to and including 4.92.1, Exim’s maintainers have offereda general descriptionof the flaw (CVE-2019-15846) discovered in July 2019 by a researcher identified as ‘Zerons’.
Subsequently confirmed by engineers working for Qualys, the flaw is a buffer overflow in the part of the TLS negotiation connected to Server Name Indication (SNI). SNI is a way web hosts present the certificates for multiple HTTPS-secured TLS servers sitting behind the same IP address so that incoming connections are directed to the correct one.
The link for this article located at Naked Security is no longer available.