git://git.exim.org
/
exim-website.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
| inline |
side by side
Add acl snippet as a mitigation method
[exim-website.git]
/
templates
/
static
/
doc
/
security
/
CVE-2019-15846.txt
diff --git
a/templates/static/doc/security/CVE-2019-15846.txt
b/templates/static/doc/security/CVE-2019-15846.txt
index 3a78aa527df38502a60c0c9439f82ee10ff18dcf..aabdf1d9da933fb309d8535626e738381daee029 100644
(file)
--- a/
templates/static/doc/security/CVE-2019-15846.txt
+++ b/
templates/static/doc/security/CVE-2019-15846.txt
@@
-27,6
+27,11
@@
Mitigation
Do not offer TLS. (This mitigation is not recommended.)
+For a attacking SNI the following ACL snippet should work:
+
+ # to be prepended to your mail acl (acl_smtp_mail)
+ deny condition = ${if eq{\\}{${substr{-1}{1}{$tls_in_sni}}}}
+
Fix
===