Re: [exim] [oss-security] Exim CVE-2019-16928 RCE using a heap-based buffer overflow

2022-05-17 Thread Peter Wullinger via Exim-users
Hi there, After you've rev-iewed all these documents, we can -easily talk abou-t the following steps: This very much looks like thread hijacking used by emotet-successor type malware: Quote message from hijacked mailbox, reply to original sender with malware link but from a different

Re: [exim] [oss-security] Exim CVE-2019-16928 RCE using a heap-based buffer overflow

2022-05-17 Thread Heiko Schlittermann via Exim-users
Hi folks, this message Heiko Schlittermann via Exim-users (Mo 16 Mai 2022 18:21:30 CEST): >Hello there, >After you've rev-iewed all these documents, we can -easily talk abou-t >the following steps: … >2019-09-28 Release 4.92.3, Release-Announcements to >

Re: [exim] DO NOT CLICK THE LINKS was [oss-security] Exim CVE-2019-16928 RCE using a heap-based buffer overflow

2022-05-17 Thread Odhiambo Washington via Exim-users
On Tue, May 17, 2022 at 11:03 AM Cyborg via Exim-users wrote: > > DO NOT click the links in that email! > > JUST DELETE the mail. > > Do you mean the one that was engineered to appear as if it came from Heiko Schlittermann? I don't seem to find the original one, but kinds 2 variations ended in

Re: [exim] Exim 4.96-RC1 released

2022-05-17 Thread Laura Williamson via Exim-users
I see what the problem is, configure has to be rewritten for the embedded SRS, will have a look at it later. On 17/05/2022 09:25, Jeremy Harris via Exim-users wrote: On 17/05/2022 08:04, Laura Williamson via Exim-users wrote: I have trouble compiling this with SRS support and I can see that

Re: [exim] Exim 4.96-RC1 released

2022-05-17 Thread Laura Williamson via Exim-users
I do not get a build error, I do get this error main option "srs_config" unknown leaving it out I get this option "srs" unknown so it doesn't look like the SRS is compiled in (or has the config changed??)  and yes, I do have SUPPORT_SRS=yes in the Local/Makefile On 17/05/2022 09:25,

Re: [exim] Exim 4.96-RC1 released

2022-05-17 Thread Jeremy Harris via Exim-users
On 17/05/2022 08:04, Laura Williamson via Exim-users wrote: I have trouble compiling this with SRS support and I can see that the src/srs.h and .c are missing. I do have SUPPORT_SRS=yes in the makefile and also have the  latest libsrs2 libs installed, am I missing something? The old

[exim] DO NOT CLICK THE LINKS was [oss-security] Exim CVE-2019-16928 RCE using a heap-based buffer overflow

2022-05-17 Thread Cyborg via Exim-users
DO NOT click the links in that email! JUST DELETE the  mail. regards, Marius -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/

Re: [exim] Exim 4.96-RC1 released

2022-05-17 Thread Laura Williamson via Exim-users
I have trouble compiling this with SRS support and I can see that the src/srs.h and .c are missing. I do have SUPPORT_SRS=yes in the makefile and also have the latest libsrs2 libs installed, am I missing something? On 16/05/2022 11:08, Jeremy Harris via Exim-users wrote: On 16/05/2022