Re: [exim] CVE-2019-10149: already vulnerable ?

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Ian Zimmerman
Datum:  
To: exim-users
Betreff: Re: [exim] CVE-2019-10149: already vulnerable ?
On 2019-06-24 17:23, Jeremy Harris wrote:

> > I just want to prohibit any backslashes in local parts. I know this is
> > totally safe to do im my case. So what it the appropriate number of
> > backslashes to put in the regexp? Will this work:
> >
> > deny message = Restricted characters in address
> > domains = +local_domains
> > local_parts = ^[.] : ^.*[\$@%!/\\|]
>
> I suggest quoting the entire list with \N for sanity.
> Having done that I think you need a double backslash. I did when I
> tested it. I suggest you test it yourself, using -bh.


So I tried that. Unfortunately, it seems that some part of Exim eats
the backslashes before they are seen by the ACL. I don't know if this
happens only in -bh mode or if it would happen with a running daemon
too. I'm not trying the latter ATM.

For instance, if I say this in the -bh dialog:

RCPT TO:<it\z@???>

the local part being tested, according to the >>> output, is just "itz",
which of course ends up being accepted.

I think this is a bug, do you agree?

--
Please don't Cc: me privately on mailing lists and Usenet,
if you also post the followup to the list or newsgroup.
To reply privately _only_ on Usenet and on broken lists
which rewrite From, fetch the TXT record for no-use.mooo.com.