Re: [exim] CVE-2019-10149: 4.87 to 4.91 are vulnerable

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Jeremy Harris
Dátum:  
Címzett: exim-users
Tárgy: Re: [exim] CVE-2019-10149: 4.87 to 4.91 are vulnerable
On 06/06/2019 12:24, Cyborg via Exim-users wrote:
> As the Advisiory is a bit unspecific for a protection, shouldn't a check
> for  "$" in
>
>   deny    message       = Restricted characters in address
>               domains       = +local_domains
>               local_parts   = ^[.] : ^.*[\$@%!/|]


That would suffice. You'd want to do the equivalent in the non-smtp
ACL also, and I'd personally not restrict it to local domains.


> Is it possible/pausible that fedora build it with "DISABLE_EVENT" defined,
> so the vulnerable code is not in there?
>
> any way to check that ( did not find the show compile settings on the web ) ?


exim -bV | grep -i support

--
Cheers,
Jeremy