Autor: Cyborg Data: Para: exim-users Asunto: Re: [exim] CVE-2019-10149: 4.87 to 4.91 are vulnerable
Am 06.06.19 um 14:07 schrieb Heiko Schlittermann via Exim-users: > Hi,
>
> Cyborg via Exim-users <exim-users@???> (Do 06 Jun 2019 13:24:21 CEST):
>> As the Advisiory is a bit unspecific for a protection, shouldn't a check
>> for "$" in
>>
>> deny message = Restricted characters in address
>> domains = +local_domains
>> local_parts = ^[.] : ^.*[\$@%!/|]
> Yes, from my POV it suffices. As Jeremy said, for non-SMTP the same
> sould be done.
>
> But, for the 2nd exploit, you should do the same with the sender's
> address.
> Before anyone asks : for the seconds exploit :
acl_check_mail:
...
drop message = Restricted characters in address
condition = ${if match{$sender_address}{\N.*\$.*run.*\N}{1}{0}}
# BEFORE : IMPORTANT!
accept hosts = +relay_from_hosts
"\$.*run" because some Bulkmail put "$randomids$randomids" into
bounceemailaddresses.