Re: [Exim] exim as relay for latest sendmail bug?

Góra strony
Delete this message
Reply to this message
Autor: Nico Erfurth
Data:  
Dla: Nico Erfurth
CC: Marc Haber, exim-users
Temat: Re: [Exim] exim as relay for latest sendmail bug?
Nico Erfurth wrote:

>> The Bug affects the parsing of the From, To, CC and Bcc-Header which
>> sendmail
>> does semantic tests on.
>
> I didn't check exim's code, but did anyone try to use
> verify = header_syntax in his/her data_acl?


Ok, it looks like the verify can at least stop the exploit posted to
bugtraq some hours ago.

If I understood the advisory correctly, the problem is inside of the
address-parsing, especially where it splits of the comments. Maybe this
also helps in a data-acl.

deny message = Ohh, this looks like the sendmail-exploit
      condition = ${if match {$h_from: $h_cc: $h_bcc: $h_reply_to: \
                              $h_sender: $h_to:} {\N\(.{21,}?\)\N}{1}{0}}


This SHOULD deny everything with more than 20 chars inside of an
address-comment.

No warranty for anything, this will break all your mails, burn your CPU,
crash your harddrive or whatever, I didn't even tested it, so it it at
your own risk :)

Nico