Re: [exim] CVE-2019-10149: 4.87 to 4.91 are vulnerable

Página Principal
Apagar esta mensagem
Responder a esta mensagem
Autor: Jeremy Harris
Data:  
Para: exim-users
Assunto: Re: [exim] CVE-2019-10149: 4.87 to 4.91 are vulnerable
On 06/06/2019 12:24, Cyborg via Exim-users wrote:
> As the Advisiory is a bit unspecific for a protection, shouldn't a check
> for  "$" in
>
>   deny    message       = Restricted characters in address
>               domains       = +local_domains
>               local_parts   = ^[.] : ^.*[\$@%!/|]


That would suffice. You'd want to do the equivalent in the non-smtp
ACL also, and I'd personally not restrict it to local domains.


> Is it possible/pausible that fedora build it with "DISABLE_EVENT" defined,
> so the vulnerable code is not in there?
>
> any way to check that ( did not find the show compile settings on the web ) ?


exim -bV | grep -i support

--
Cheers,
Jeremy