Exim 4.80-4.92.1 Critical Advisory: Buffer Overflow in TLS Negotiation
Sep 10, 2019
•
Brittany Day
1 min read
Topics Covered
A ‘critical’ security vulnerability has been discovered in the Exim mail server that requires admins’ urgent attention. Learn more about the flaw and how to protect your servers:
Affecting all versions from 4.80 up to and including 4.92.1, Exim’s maintainers have offereda general descriptionof the flaw (CVE-2019-15846) discovered in July 2019 by a researcher identified as ‘Zerons’.
Subsequently confirmed by engineers working for Qualys, the flaw is a buffer overflow in the part of the TLS negotiation connected to Server Name Indication (SNI). SNI is a way web hosts present the certificates for multiple HTTPS-secured TLS servers sitting behind the same IP address so that incoming connections are directed to the correct one.
The link for this article located at Naked Security is no longer available.
PREVIOUS
NEXT
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!