Re: [exim-dev] PCRE vulnerability

Top Page
Delete this message
Reply to this message
Author: Tony Finch
Date:  
To: Jakob Hirsch
CC: exim-dev
Subject: Re: [exim-dev] PCRE vulnerability
On Mon, 22 Aug 2005, Jakob Hirsch wrote:
>
> According to the alert, only "Applications that parse untrusted regular
> expressions may be vulnerable." Exim does not do that by default, AFAIK,
> but there may be a few setups allowing that, e.g. user specified filters
> with regex.


This can be a problem in setups where Exim runs filters at SMTP time while
it is running as the exim user, which might allow escalation to root
privilege. That's the only really dangerous scenario I can think of.

Tony.
--
<fanf@???> <dot@???> http://dotat.at/ ${sg{\N${sg{\
N\}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}\
\N}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}