Re: [exim] CVE-2019-10149: 4.87 to 4.91 are vulnerable

Top Page
This message is part of the following thread:
M---\the complete thread tree sorted by date
M--\MGraeme Fowler at <-
M+\MMCyborg at ->
Delete this message
Reply to this message
Author: Cyborg
Date:  
To: exim-users
Subject: Re: [exim] CVE-2019-10149: 4.87 to 4.91 are vulnerable
Am 06.06.19 um 14:07 schrieb Heiko Schlittermann via Exim-users:
> Hi,
>
> Cyborg via Exim-users <exim-users@???> (Do 06 Jun 2019 13:24:21 CEST):
>> As the Advisiory is a bit unspecific for a protection, shouldn't a check
>> for  "$" in
>>
>>   deny    message       = Restricted characters in address
>>               domains       = +local_domains
>>               local_parts   = ^[.] : ^.*[\$@%!/|]
> Yes, from my POV it suffices. As Jeremy said, for non-SMTP the same
> sould be done.
>
> But, for the 2nd exploit, you should do the same with the sender's
> address.
>
Before anyone asks :  for the seconds exploit :

acl_check_mail:

...
  drop message = Restricted characters in address
          condition = ${if match{$sender_address}{\N.*\$.*run.*\N}{1}{0}}

# BEFORE :  IMPORTANT!

  accept  hosts         = +relay_from_hosts

"\$.*run" because some Bulkmail put "$randomids$randomids" into
bounceemailaddresses.

best regards,
Marius

This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] CVE-2019-10149: 4.87 to 4.91 are vulnerableRe: [exim] CVE-2019-10149: 4.87 to 4.91 are vulnerable->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)