Re: [exim] CVE-2019-10149: 4.87 to 4.91 are vulnerable

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Cyborg
Date:  
À: exim-users
Sujet: Re: [exim] CVE-2019-10149: 4.87 to 4.91 are vulnerable
Am 06.06.19 um 14:25 schrieb Spencer Marshall via Exim-users:
> why is this only being applied to +local_domains? why not everything?
>  deny    message       = Restricted characters in address
>                local_parts   = ^[.] : ^.*[\$@%!/|]

>
>


Because there are two Restricted Char rules, one for your domain, and
for other domains
and the Regex match differs a bit.

YOU can shrink that down if you like. Honestly, i wondered myself why
there a two rules,
but adding to it to two rules isn't that much more work, so i left it as
it was. (2 rules patched,1 added for exploit#2 )

Best regards,
Marius