[exim] Infos: someone posted an none working exploit for ex…
Català
Dansk
Deutsch
Ελληνικά
English
Español
suomi
Français
Galego
magyar
Italiano
日本語
Nederlands
Polski
Português
Português Brasileiro
Esta mensagem é parte da seguinte discussão:
a lista completa das discussões ordenadas por data
Jeremy Harris em
2013-06-07 13:44
Graeme Fowler em
2013-06-07 14:00
Autor:
Cyborg
Data:
2013-06-07 13:53
UTC
Para:
exim-users
Tópicos Novos:
[exim] Security reminder on email address characters
Assunto:
[exim] Infos: someone posted an none working exploit for exim
More Infos here:
https://www.redteam-pentesting.de/de/advisories/rt-sa-2013-001/-exim-with-dovecot-typical-misconfiguration-leads-to-remote-command-execution
but it's a dovecot problem as it seems. On the other hand "`" is not an
allowed char in an emailaddress..
How about just kicking those connection attempts by default with i.e.
"500 illegal chars used" ?
Marius