Post AaGIXzLSvP35QQh2sS by QuatermassTools@infosec.exchange
 (DIR) Post #AaGIUc1NBdnCDagY2i by briankrebs@infosec.exchange
       2023-09-29T14:07:38Z
       
       0 likes, 3 repeats
       
       This might have slipped under the radar these past few days, but a 9.8 RCE in Exim (on many, many mail servers) that does not require authentication is bad bad bad. https://www.zerodayinitiative.com/advisories/ZDI-23-1469/
       
 (DIR) Post #AaGIXzLSvP35QQh2sS by QuatermassTools@infosec.exchange
       2023-09-29T14:10:30Z
       
       0 likes, 0 repeats
       
       @briankrebs For an authenticator plugin that is not built/installed on 99% of those many, many servers.
       
 (DIR) Post #AaGIY0CHl1Ie4FPECu by penguin42@mastodon.org.uk
       2023-09-29T14:21:34Z
       
       0 likes, 0 repeats
       
       @QuatermassTools @briankrebs Where do you find that detail it's for the auth plugin?
       
 (DIR) Post #AaGLuAb04laYYGECX2 by mkoek@mastodon.nl
       2023-09-29T14:59:08Z
       
       0 likes, 0 repeats
       
       @penguin42 @QuatermassTools @briankrebs there seems to be very little information about this vuln but this site mentions the AUTH command - is that not built into Exim? https://securityonline.info/cve-2023-42115-critical-exim-bug-exposes-email-servers-to-remote-attacks/?expand_article=1 (note that there is another CVE that is related to NTLM authentication which is more likely to be a plugin)
       
 (DIR) Post #AaIAAsI0a6ApZ4So1w by shyra@bitbang.social
       2023-09-30T10:13:26Z
       
       0 likes, 0 repeats
       
       @briankrebs @mmu_man Clearly retrocomputing is getting out of hand; now we’re bringing back classic CVEs from the 90s? smh 😆
       
 (DIR) Post #AaIAAt8pPiQOCtAzMO by glitzersachen@hachyderm.io
       2023-09-30T11:53:31Z
       
       0 likes, 0 repeats
       
       @shyra Like a lot of things we have seen in the last years this is a time line anomaly, in this case time itself flowing backwards. QA assures us, the next release of timeline™ will have been tested better and they will have gotten a grip on all those problems. I am sceptical. Can only advise to already look for another time supplier. @briankrebs @mmu_man
       
 (DIR) Post #AaIAAu0MChF6suDjnM by mmu_man@m.g3l.org
       2023-09-30T11:56:56Z
       
       0 likes, 0 repeats
       
       @glitzersachen @shyra @briankrebs Time is not the boss of you. Rule 408.