Re: [exim] CVE-2019-10149: already vulnerable ?

Author: Jeremy Harris
Date:
To: exim-users
Subject: Re: [exim] CVE-2019-10149: already vulnerable ?
On 23/06/2019 18:51, Calum Mackay via Exim-users wrote:
> by any chance, please, would anyone happen to have an acl_smtp_rcpt
> example that catches these particular exploit attempts — so my queue
> doesn't fill up with these frozen msgs — /but/ still allows me to have
> "user+suffix@domain" which I enable via local_part_suffix on a redirect
> router?


  # deny a literal "$", or the text \x24 / \044 / \44, anywhere in the local part
  deny  local_parts = \N ^.*\$ : ^.*\\x24 : ^.*\\0?44 \N
        message = no mate


This is perhaps over-broad - a dollar sign in a local-part
is strictly legitimate per the standards. However, it's
not something most strictly-ASCII sites would be wanting to
use, I suspect.
--
Cheers,
Jeremy
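
Added example (not part of the message above, and not Exim project code): a Python check of the three local_parts patterns against constructed local parts. It assumes the first pattern is meant to match a literal dollar sign (^.*\$) and that Python's re module behaves like Exim's PCRE for these simple patterns; the names acl_verdict and run_samples are made up for this illustration.

```python
import re

# The three local_parts patterns from the ACL, written as Python regexes.
# Assumption: the first one is meant to match a literal dollar sign (\$).
DENY_PATTERNS = [
    re.compile(r"^.*\$"),      # a raw "$" anywhere in the local part
    re.compile(r"^.*\\x24"),   # the four characters \x24 (hex spelling of "$")
    re.compile(r"^.*\\0?44"),  # the text \044 or \44 (octal spelling of "$")
]


def acl_verdict(local_part: str) -> str:
    """Return 'deny' if any pattern matches, else 'pass'.

    'pass' only means this one deny statement did not trigger; in a real
    ACL the recipient would continue on to the statements that follow it.
    """
    for pattern in DENY_PATTERNS:
        if pattern.search(local_part):
            return "deny"
    return "pass"


# Constructed sample local parts (not taken from real traffic).
SAMPLES = [
    "calum",                  # plain mailbox
    "calum+lists",            # user+suffix, as used with local_part_suffix
    "first.last+exim-users",  # suffix containing a hyphen
    "big$pender",             # standards-legal address that is still denied
    r"user\x24name",          # hex-escaped dollar sign, spelled out
    r"user\044name",          # octal-escaped dollar sign, spelled out
    r"user\44name",           # octal form without the leading zero
    "user44",                 # digits alone, no backslash
]


def run_samples() -> dict:
    """Map each constructed local part to the verdict of the deny statement."""
    return {lp: acl_verdict(lp) for lp in SAMPLES}


if __name__ == "__main__":
    for local_part, verdict in run_samples().items():
        print(f"{verdict:5}  {local_part}")
```

The "big$pender" row is the over-broad case the message mentions: a legitimate address that this statement rejects, while the "+suffix" forms are unaffected.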