[exim-dev] [Bug 679] New: Problems with vacation_reply

Top Page
Delete this message
Reply to this message
Author: Maciej Cetler
Date:  
To: exim-dev
New-Topics: [exim-dev] [Bug 679] Problems with vacation_reply, [exim-dev] [Bug 679] Problems with vacation_reply
Subject: [exim-dev] [Bug 679] New: Problems with vacation_reply
------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://bugs.exim.org/show_bug.cgi?id=679
           Summary: Problems with vacation_reply
           Product: Exim
           Version: 4.66
          Platform: x86
               URL: http://www.komunix.pl
        OS/Version: FreeBSD
            Status: NEW
          Severity: security
          Priority: critical
         Component: Transports
        AssignedTo: nigel@???
        ReportedBy: m.cetler@???
                CC: exim-dev@???



There seem to be memory leak in vacation_reply transport.
My configuration is:
vacation_reply:
     driver = autoreply
     from = System automatycznej odpowiedzi <${local_part}@${domain}>
     once = /var/mail/vacation/vacation-$local_part@$domain.db
     once_repeat = 1d
     subject = ${if def:h_Subject: {Re:
${quote:${escape:${length_50:$h_Subject:}}} (autoreply)} {Informacja} }
     headers = "MIME-Version: 1.0\nContent-Type: text/plain;
charset=iso-8859-2\nContent-Transfer-Encoding: 8bit"
     text = "\
     Witaj $h_from\n\n\
     Ta wiadomość została wygenerowana automatycznie\n\
     Tekst poniżej zawiera informację od użytkownika:\n\
     ====================================================\n\n\
     ${lookup mysql {SELECT a.Wiadomosc FROM autoreply a,domeny d, users u
WHERE a.loginid = u.id AND a.domenaid=d.id AND u.login='${local_part}' AND
d.nazwa='${domain}'}}"
     group = exim
     to = "$sender_address"


which means that exim should write database information to
/var/mail/vacation/vacation-$local_part@$domain.db which it does.
The problem is that exim writes way too many information to this file.

For example I can find my encrypted root password inside this file.

I belive this is critical security issue which should be fixed as soon
as possible. It would be possible to read this file after getting
exim privileges and then brute-force users passwords.


--
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email