Re: [exim] DKIM signature where the identity field has a lea…

トップ ページ
このメッセージを削除
このメッセージに返信
著者: Phil Pennock
日付:  
To: exim-users
題目: Re: [exim] DKIM signature where the identity field has a leading slash attempts to touch the filesystem
On 2011-05-07 at 09:08 +1000, Ted Cooper wrote:
> On 07/05/11 08:51, Tony Meyer wrote:
> >> condition = ${if eqi{$sender_address_domain}{$dkim_cur_signer}}
> >
> > Unfortunately, this didn't fix the problem. I get the paniclog entry
> > even using this ACL:
>
> Is this at all related?
> https://lists.exim.org/lurker/message/20110506.112357.e99a8db1.en.html
>
> [exim] Exim 4.76 RC1 uploaded - SECURITY
>
> CVE-2011-1764: a format string attack in logging DKIM
> information from an inbound mail may permit anyone who can send you
> email to cause code to be executed as the Exim run-time user.


No, I very much doubt it.