Re: [exim] DKIM signature where the identity field has a lea…

Top Page
This message is part of the following thread:
M\the complete thread tree sorted by date
MMTed Cooper at <-
.MW B Hacker at ->
Delete this message
Reply to this message
Author: Phil Pennock
Date:  
To: exim-users
Subject: Re: [exim] DKIM signature where the identity field has a leading slash attempts to touch the filesystem
On 2011-05-07 at 09:08 +1000, Ted Cooper wrote:
> On 07/05/11 08:51, Tony Meyer wrote:
> >> condition = ${if eqi{$sender_address_domain}{$dkim_cur_signer}}
> >
> > Unfortunately, this didn't fix the problem. I get the paniclog entry
> > even using this ACL:
>
> Is this at all related?
> https://lists.exim.org/lurker/message/20110506.112357.e99a8db1.en.html
>
> [exim] Exim 4.76 RC1 uploaded - SECURITY
>
> CVE-2011-1764: a format string attack in logging DKIM
> information from an inbound mail may permit anyone who can send you
> email to cause code to be executed as the Exim run-time user.

No, I very much doubt it.

This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] DKIM signature where the identity field has a leading slash attempts to touch the filesystemRe: [exim] DKIM signature where the identity field has a leading slash attempts to touch the filesystem->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)