Viktor Dukhovni <exim-users@???> wrote:
>
> FWIW, Postfix never uses gethostbyname() on systems that have
> getaddrinfo() (build configuration enables IPv6 API support).

Exim's DNS code has a rather long history :-)

> On systems with no IPv6 API Postfix only calls gethostbyname()
> after first dealing with literal address forms via inet_pton().
> In other words, literal IPv4 addresses accepted by inet_pton(),
> are never passed to gethostbyname().

Exim mostly takes a similar approach.

The specific weakness used by the Qualys exploit is that Exim will pass an
attacker-controlled string - the HELO hostname - to gethostbyname.

You can avoid this exploit by making sure your configuration leaves the
following unset in the main part of the configuration

  helo_verify_hosts
  helo_try_verify_hosts

and by not using the following in any ACLs

  verify = helo

Tony.
--
<fanf@???> <dot@???>
http://dotat.at/ ${sg{\N${sg{\
N\}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}\
\N}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}
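
An added example, not part of the message above or of Exim itself: a Python audit that scans an Exim configuration for the two main-section options and the ACL condition named in the message. The sample configuration is constructed, and the parser is a simplification that handles comments, backslash continuations and `begin` sections but not macros or `.include`.

```python
import re

MAIN_OPTS = ("helo_verify_hosts", "helo_try_verify_hosts")
# An ACL condition may follow the verb on the same line or sit on its own line.
VERIFY_HELO = re.compile(
    r"^(?:(?:accept|defer|deny|discard|drop|require|warn)\s+)?!?\s*verify\s*=\s*helo\b")

def logical_lines(text):
    """Yield (first_line_no, line) with comments dropped and continuations joined."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        start = start or no
        if line.endswith("\\"):
            buf += line[:-1]
            continue
        yield start, buf + line
        buf, start = "", None

def audit(text):
    """Return [(line_no, setting)]; any assignment counts, as the advice is 'unset'."""
    findings, section = [], "main"
    for no, line in logical_lines(text):
        m = re.match(r"begin\s+(\w+)", line)
        if m:
            section = m.group(1)
        elif section == "main" and "=" in line:
            name = re.sub(r"^hide\s+", "", line).split("=", 1)[0].strip()
            if name in MAIN_OPTS:
                findings.append((no, name))
        elif section == "acl" and VERIFY_HELO.match(line):
            findings.append((no, "verify = helo"))
    return findings

# Constructed sample configuration (not from any real host).
SAMPLE = r"""
primary_hostname = mail.example.test
helo_try_verify_hosts = !+relay_from_hosts : \
    *
# helo_verify_hosts = *
begin acl
acl_check_helo:
  deny   message = bad HELO
        !verify = helo
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```
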