This might have slipped under the radar these past few days, but a 9.8 RCE in Exim (on many, many mail servers) that does not require authentication is bad bad bad.

https://www.zerodayinitiative.com/advisories/ZDI-23-1469/

@briankrebs Some more (or any) details would really be great. Is this a vulnerability in a particular auth mechanism? I have a hard time believing there would be something affecting all of them, but we had been shellshocked before...

@briankrebs Just for completeness, this doesn't seem bad enough for 9.8 if the information in https://www.openwall.com/lists/oss-security/2023/10/01/4 is correct and you're not using NTLM auth nor libspf2.