> I am surprised it's that much; most of my hosts are still Debian
> jessie (oldstable) and that wasn't affected because too old. "Only"
> versions 4.87 to 4.91 were affected.

Yeah, it could very well have meant 90% of exim servers in that range are still unpatched. The article was a bit sensationalist in style. I run Postfix on my VPS servers and only have Exim as the Debian default on my laptop, and that was reinstalled very recently when I wiped it and put Buster on there.

On Sun, 23 Jun 2019 at 06:54, Andy Smith <andy@bitfolk.com> wrote:
Hi Keith,

On Sun, Jun 23, 2019 at 06:08:06AM +0100, Keith Williams wrote:
> I have just read up on this, after seeing this email. It appears that over
> 90% of exim4 servers are running vulnerable unpatched versions of the
> software.

I am surprised it's that much; most of my hosts are still Debian
jessie (oldstable) and that wasn't affected because too old. "Only"
versions 4.87 to 4.91 were affected.

> It seems that the best preventative step is to ensure that your exim is up
> to date, running version >= 4.92. The only cure that I can see in the sites
> I have looked at is a complete nuking and format. This is a nasty brute

Yes; if you didn't upgrade exim within the first week or so of the
update being available you might want to reinstall as there is no
easy way to tell that you haven't been compromised. An attacker
could have deleted the evidence of their attack out of your
/var/log/exim4/mainlog.

Cheers,
Andy

--
https://bitfolk.com/ -- No-nonsense VPS hosting
_______________________________________________
users mailing list
users@lists.bitfolk.com
https://lists.bitfolk.com/mailman/listinfo/users
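As an added example (not code from the thread or from BitFolk), a POSIX shell function that classifies the first line printed by `exim -bV` against the range Andy cites above: 4.87 through 4.91 affected, 4.92 and later fixed, anything older (such as jessie's 4.84) unaffected. The sample version lines are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Classify an Exim version line such as
#   "Exim version 4.91 #1 built 05-Jul-2018 15:51:32"   (constructed sample)
# against the upstream range the thread describes as affected.

# Prints "affected", "fixed" or "unaffected" and returns 0; returns 1 if the
# line does not look like `exim -bV` output.
exim_version_status() {
    line="$1"
    # Pull "major minor" out of "Exim version <major>.<minor>..." (the
    # jessie form "4.84_2" still parses as 4 84).
    ver=$(printf '%s\n' "$line" |
          sed -n 's/^Exim version \([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$ver" ] || return 1
    set -- $ver
    major=$1
    minor=$2
    if [ "$major" -eq 4 ] && [ "$minor" -ge 87 ] && [ "$minor" -le 91 ]; then
        echo affected
    elif [ "$major" -gt 4 ] || { [ "$major" -eq 4 ] && [ "$minor" -ge 92 ]; }; then
        echo fixed
    else
        echo unaffected
    fi
}

# On a live host:
#   exim_version_status "$(exim -bV 2>/dev/null | head -n 1)"
```

Debian security updates usually keep the upstream version number and ship the fix in the package revision, so an "affected" result on a stable host should be confirmed against the exim4 package changelog rather than the upstream version alone.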