Re: [exim] ATTN: Re: CVE-2019-10149: already vulnerable ?

Author: Andreas Metzler
Date:  
To: exim-users
Subject: Re: [exim] ATTN: Re: CVE-2019-10149: already vulnerable ?
Cyborg via Exim-users <exim-users@???> wrote:
> On 23.06.19 at 21:02, Jeremy Harris via Exim-users wrote:
>>   deny  local_parts = \N ^.*$ : ^.*\\x24 : ^.*\\0?44 \N
>>         message = no mate

[...]
> Anyone who used this restricted chars patch:

[...]
> should update to this ruleset :

[...]
>           local_parts   = ^[.] : ^.*[\$@%!/|] : ^.*x24 : ^.*0.44


> as there is an unexpected problem with jeremy's version, which will
> reject any x24 in any part of the message.

[...]

Hello Marius,

would you mind explaining this? There are many differences between
these rules

J ^.*$
M ^[.]

J version rejects everything, M matches a leading dot.

J ^.*\\x24
M ^.*x24

J tries to match \x24 , M x24.

J ^.*\\0?44
M ^.*0.44

J tries to match on \044 or \44, M on 0.44 and 0a44, ... 0z44

So J rejects everything due to the first pattern, the later patterns
should do the right thing but don't work for me.

M OTOH does not match everything but is much too broad since it does
not match on the backslash at all. Also I do not see how "jeremy's
version will reject any x24 in any part of the message", it matches
the local_part not the message body.

cu Andreas


--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
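
Added example, not part of the original message or of Exim: a small Python harness that runs the J and M patterns quoted above against constructed local parts to show which pattern fires on which input. It assumes each list item is evaluated as a plain regex exactly as written in the mail; Exim's own string expansion and list parsing are not modelled, and the sample local parts and function names are made up for illustration.

```python
import re

# Patterns copied from the two rulesets quoted in the mail
# (J = Jeremy's version, M = Marius's version).
# Assumption: every item is a plain regex as written; Exim's string
# expansion and colon-list splitting are NOT modelled here.
RULESETS = {
    "J": [r"^.*$", r"^.*\\x24", r"^.*\\0?44"],
    "M": [r"^[.]", r"^.*[\$@%!/|]", r"^.*x24", r"^.*0.44"],
}

# Constructed local parts (not taken from the mail), one per case discussed.
SAMPLES = [
    "alice",      # ordinary local part
    ".hidden",    # leading dot
    "max24",      # "x24" with no backslash in front
    "a\\x24b",    # literal backslash followed by x24
    "a\\044b",    # literal backslash followed by 044
    "a\\44b",     # literal backslash followed by 44
    "order0.44",  # 0, any character, 44
    "id0z44",     # same shape with a letter in the middle
]


def matching_patterns(ruleset, local_part):
    """Return the patterns of the given ruleset that match local_part."""
    return [p for p in RULESETS[ruleset] if re.search(p, local_part)]


def is_denied(ruleset, local_part):
    """A deny rule triggers as soon as any pattern in the list matches."""
    return bool(matching_patterns(ruleset, local_part))


def report():
    """Build one line per (ruleset, sample) listing the patterns that fired."""
    lines = []
    for name in RULESETS:
        for sample in SAMPLES:
            hits = matching_patterns(name, sample)
            verdict = "deny" if hits else "pass"
            lines.append(f"{name} {sample!r:14} {verdict:5} {hits}")
    return lines


if __name__ == "__main__":
    print("\n".join(report()))
```
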