[exim-dev] [Bug 1805] New: Recent Exim CVE mitigation breaks…

Startseite
Nachricht löschen
Nachricht beantworten
Autor: admin
Datum:  
To: exim-dev
Neue Treads: [exim-dev] [Bug 1805] Recent Exim CVE mitigation breaks customer ability to determine where mail was sent from.
Betreff: [exim-dev] [Bug 1805] New: Recent Exim CVE mitigation breaks customer ability to determine where mail was sent from.
https://bugs.exim.org/show_bug.cgi?id=1805

            Bug ID: 1805
           Summary: Recent Exim CVE mitigation breaks customer ability to
                    determine where mail was sent from.
           Product: Exim
           Version: 4.86
          Hardware: x86
                OS: All
            Status: NEW
          Severity: bug
          Priority: medium
         Component: Logging
          Assignee: nigel@???
          Reporter: toddr@???
                CC: exim-dev@???


It turns out that checking cwd=XXX was a popular heuristic for identifying the
source of malware sending email. There are many blogs and forums on the
internet recommending to customers that they do this.

Now that exim.c changes directories to / on startup, the code that comes right
after that emits what the startup directory was is now always /.

The output would look something like this:

2016-03-04 11:46:22 cwd=/root 9 args: /usr/sbin/sendmail -FCronDaemon -i -odi
-oem -oi -t -f root

Now it looks like this:

2016-03-04 11:46:22 cwd=/ 9 args: /usr/sbin/sendmail -FCronDaemon -i -odi -oem
-oi -t -f root

--
You are receiving this mail because:
You are on the CC list for the bug.