کد:
A remote code execution vulnerability has been reported in Exim, with
immediate public disclosure (we were given no private notice).
A tentative patch exists but has not yet been confirmed.
With immediate effect, please apply this workaround: if you are running
Exim 4.88 or newer (4.89 is current, 4.90 is upcoming) then in the main
section of your Exim configuration, set:
chunking_advertise_hosts =
That's an empty value, nothing on the right of the equals. This
disables advertising the ESMTP CHUNKING extension, making the BDAT verb
unavailable and avoids letting an attacker apply the logic.
This should be a complete workaround. Impact of applying the workaround
is that mail senders have to stick to the traditional DATA verb instead
of using BDAT.
اگر نسخه exim.conf زیر 4.5 می باشد اقدام به بهروز رسانی نمایید:
کد:
cd /usr/local/directadmin/custombuild
./build update
./build exim_conf
برای بررسی دستور زیر را اجرا کنید:
کد:
grep chunking_advertise_hosts /etc/exim*
کد:
/etc/exim.variables.conf:chunking_advertise_hosts=
/etc/exim.variables.conf.default:chunking_advertise_hosts =