Exim Multiple Vulnerabilities

Release Date: 3 Oct 2023

RISK: High Risk

TYPE: Security software and application - Security Software & Appliance

Multiple vulnerabilities were identified in Exim. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution and sensitive information disclosure on the targeted system.

[Updated on 2023-10-03] 

For CVE-2023-42117, CVE-2023-42118, and CVE-2023-42119, a fix is not yet available.

Exim has released mitigations for these vulnerabilities:

CVE-2023-42117: Do not use Exim behind an untrusted proxy-protocol proxy.

CVE-2023-42118: Do not use the 'spf' condition in your ACL.

CVE-2023-42119: Use a trustworthy DNS resolver which is able to validate the data according to the DNS record types.
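
To check whether a host is exposed to the first two mitigations above, the following added example (not part of the original advisory and not Exim project code) scans an Exim configuration for the `hosts_proxy` main option, which enables Proxy Protocol, and for `spf` conditions in the ACL section. The sample configuration is constructed, and including `spf_guess` is an assumption. The DNS resolver mitigation for CVE-2023-42119 cannot be verified from the Exim configuration and is not covered.

```python
import re

# Constructed sample configuration for illustration (not a real deployment).
SAMPLE_CONFIG = """\
primary_hostname = mail.example.test
hosts_proxy = 192.0.2.10 : \\
              192.0.2.11

begin acl
acl_check_rcpt:
  # spf = fail   (commented out, must not be reported)
  deny  message = SPF check failed
        !spf    = pass
  warn  spf_guess = fail
  accept
"""

ACL_VERBS = r"(?:accept|defer|deny|discard|drop|require|warn)"
# 'spf' is the condition named in the mitigation; 'spf_guess' is included on the
# assumption that it should be reviewed as well.
SPF_COND = re.compile(rf"^(?:{ACL_VERBS}\s+)?!?\s*(spf_guess|spf)\s*=")
HOSTS_PROXY = re.compile(r"^hosts_proxy\s*=\s*(.*)$")

def logical_lines(text):
    """Yield (first_line_no, text), skipping comments and joining '\\' continuations."""
    buf, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        start = start or no
        if line.endswith("\\"):
            buf += line[:-1].rstrip() + " "
            continue
        yield start, buf + line
        buf, start = "", 0

def audit(text):
    """Return (cve, line_no, detail) findings for the two config-level mitigations."""
    findings, section = [], "main"
    for no, line in logical_lines(text):
        begin = re.match(r"begin\s+(\w+)", line)
        if begin:
            section = begin.group(1)
        elif section == "main" and (m := HOSTS_PROXY.match(line)) and m.group(1).strip():
            findings.append(("CVE-2023-42117", no, m.group(1).strip()))
        elif section == "acl" and (m := SPF_COND.match(line)):
            findings.append(("CVE-2023-42118", no, m.group(1)))
    return findings
```

The scan does not expand macros or follow `.include` directives, so a clean result on a configuration that uses them still needs manual review. A `hosts_proxy` finding lists the hosts allowed to speak Proxy Protocol to Exim; each must be a proxy you trust.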