3 Version(s): up to and including 4.94.2
4 Reporter: Damian Poddebniak, Fabian Ising, Hanno Böck, and Sebastian Schinzel
5 Reference: https://nostarttls.secvuln.info/
6 Issue: Possible MitM attack on STARTTLS when Exim is *sending* email.
8 ** The Exim developers do not consider this issue as a security problem.
9 ** Additionally, we do not have any feedback about a successful attack
10 ** using the scenario described below.
12 Conditions to be vulnerable
13 ===========================
15 Versions up to (and including) 4.94.2 are vulnerable when
16 *sending* emails via a connection encrypted via STARTTLS.
22 When Exim acting as a mail client wishes to send a message,
23 a Meddler-in-the-Middle (MitM) may respond to the STARTTLS command
24 by also sending a response to the *next* command, which Exim will
25 erroneously treat as a trusted response.
28 https://git.exim.org/exim.git/commit/1b9ab35f323121aabf029f0496c7227818efad14
29 commit 1b9ab35f323121aabf029f0496c7227818efad14
31 Date: Thu Jul 30 20:16:01 2020 +0100
36 There is - beside updating the server - no known mitigation.
41 Download and build the fixed version 4.95 or a later version
42 (4.96 was released in June 2022).