Re: [bitfolk] 21 critical Exim security issues need addressing

Hello, On Fri, May 07, 2021 at 01:48:44AM +0000, Andy Smith wrote: ShadowServer are sending reports about this now: https://www.shadowserver.org/news/21nails-reporting-on-vulnerable-smtp-exim… The one I received today listed 40 BitFolk customers that are allegedly susceptible to remote root compromise. Unfortunately all ShadowServer are doing is checking the version string in the SMTP banner, and Debian didn't change this from "4.92" when they backported the fixes, so I have no way to tell if those reports are valid. As such, I'm not going to pass any of them on. But you should know that if you haven't fixed this, people are now scanning for banner strings at least and compiling lists of possibly exploitable hosts. Cheers, Andy -- https://bitfolk.com/ -- No-nonsense VPS hosting