Autor: Graeme Fowler Data: A: exim-users Assumpte: Re: [exim] Exim with Dovecot: Typical Misconfiguration Leads to
Remote Command Execution
On Mon, 2013-05-06 at 16:16 -0400, Phil Pennock wrote: > This includes $h_* variables for looking at message headers, where
> there's even more flexibility for the attacker.
I'm slightly late to the list party on this one as I've been running
after errant racing cars all weekend, but (as I commented on the G+
thread for this) the default configuration's RCPT ACL would reject an
inbound email address containing backticks as being invalid.
This does not absolve the "use_shell" option of its risk, but does
mitigate it somewhat.
