著者: Phil Pennock 日付: To: exim-users 題目: Re: [exim] DKIM signature where the identity field has a leading
slash attempts to touch the filesystem
On 2011-05-07 at 09:08 +1000, Ted Cooper wrote: > On 07/05/11 08:51, Tony Meyer wrote:
> >> condition = ${if eqi{$sender_address_domain}{$dkim_cur_signer}}
> >
> > Unfortunately, this didn't fix the problem. I get the paniclog entry
> > even using this ACL:
>
> Is this at all related?
> https://lists.exim.org/lurker/message/20110506.112357.e99a8db1.en.html >
> [exim] Exim 4.76 RC1 uploaded - SECURITY
>
> CVE-2011-1764: a format string attack in logging DKIM
> information from an inbound mail may permit anyone who can send you
> email to cause code to be executed as the Exim run-time user.