
Re: Exim latest update reports to world as 4.89, which the world thinks is vulnerable.



On Fri 21 Jun 2019 at 04:15:35 +1000, Andrew McGlashan wrote:

> On 20/6/19 11:57 pm, Brian wrote:
> > On Thu 20 Jun 2019 at 23:26:08 +1000, Andrew McGlashan wrote:
> > 
> >> # dpkg-query -l|grep \ exim|awk '{print $2,$3}'|column -t
> >> exim4               4.89-2+deb9u4
> >> exim4-base          4.89-2+deb9u4
> >> exim4-config        4.89-2+deb9u4
> >> exim4-daemon-heavy  4.89-2+deb9u4
> >> exim4-doc-html      4.89-1
> >> 
> >> Is there a way to provide version of "4.92" easily or some other
> >> text to stop the likelihood of outsiders trying to pound on and
> >> exploit the server? Even though they won't be able to do
> >> successfully due to up to date patch status.
> > 
> > You really, really think changing a version number increases or 
> > decreases the likelihood of automated server probes happening?
> 
> Yes, if "candidates" are chosen and then advertised to bots to go and
> do the work, instead of doing the work against any and every server,
> for sure.  If this was a quick and simple exploit, the answer would be
> no, but this exploit takes considerable time before a result is known
> or attained from the attempt.

At least 2000,000,0000 hosts on the internet. You reckon you will be in
the first tranche of targets? That's apart from the completely inept and
unintelligent type of exploitation attack that is run.
> 
> > Doesn't doing this qualify as security through obscurity?
> 
> Yes, but sometimes that simply works.

How can it? As you say

 > Even though they won't be able to do successfully due to up to 
 > date patch status.

You acknowledge your mail server is safe. Are you in the business of
serving up FUD in spite of your updating and declaring the server to
be protected against this particular bug?

By all means alter smtp_banner. Much good will it do.

-- 
Brian.

