Nico Erfurth wrote:
>> The Bug affects the parsing of the From, To, CC and Bcc-Header which
>> sendmail does semantic tests on.
>
> I didn't check exim's code, but did anyone try to use
> verify = header_syntax in his/her data_acl?

Ok, it looks like the verify can at least stop the exploit posted to
bugtraq some hours ago.

If I understood the advisory correctly, the problem is inside of the
address-parsing, especially where it splits off the comments. Maybe this
also helps in a data-acl.

  deny message = Ohh, this looks like the sendmail-exploit
       condition = ${if match {$h_from: $h_cc: $h_bcc: $h_reply_to: \
                   $h_sender: $h_to:} {\N\(.{21,}?\)\N}{1}{0}}

This SHOULD deny everything with more than 20 chars inside of an
address-comment.

No warranty for anything, this will break all your mails, burn your CPU,
crash your harddrive or whatever, I didn't even test it, so it is at
your own risk :)

Nico
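
Added example (not part of the post, and not Exim code): a small Python harness for checking what the posted regex flags before the rule goes into a data ACL. It assumes Python's re behaves like Exim's PCRE for this pattern; the sample headers, the STRICT variant and all function names are constructed for illustration.

```python
import re

# Regex copied verbatim from between the \N markers in the posted condition.
POSTED = re.compile(r"\(.{21,}?\)")
# Assumption, not from the post: a variant that only counts characters
# inside one un-nested comment, so it cannot span two separate comments.
STRICT = re.compile(r"\([^()]{21,}\)")

# Keys mirror the $h_ variables in the order the condition lists them.
FIELDS = ("from", "cc", "bcc", "reply_to", "sender", "to")


def acl_subject(headers):
    """Build the string the condition matches on; absent headers expand to ''."""
    return " ".join(headers.get(name, "") for name in FIELDS)


def would_deny(headers, pattern=POSTED):
    """True if the deny condition would fire for these header values."""
    return pattern.search(acl_subject(headers)) is not None


# Constructed sample header sets (not taken from the post or the advisory).
SAMPLES = {
    "plain": {"from": "Alice <alice@example.org>", "to": "bob@example.net"},
    "short_comment": {"from": "alice@example.org (Alice)",
                      "to": "bob@example.net"},
    "long_comment": {"from": "alice@example.org (" + "A" * 40 + ")",
                     "to": "bob@example.net"},
    # Two short comments in different headers: '.' also matches ')' and '(',
    # so the posted regex matches from the first '(' to the last ')'.
    "two_short_comments": {"from": "alice@example.org (Alice)",
                           "to": "bob@example.net (Bob)"},
}


def report():
    """Map sample name -> (denied by POSTED, denied by STRICT)."""
    return {name: (would_deny(h, POSTED), would_deny(h, STRICT))
            for name, h in SAMPLES.items()}


if __name__ == "__main__":
    for name, (posted, strict) in report().items():
        print(f"{name:20} posted={posted!s:5} strict={strict}")
```

The two_short_comments case is the one to watch when testing against real traffic: the posted pattern rejects it although neither comment is longer than 20 characters.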