Re: [exim] ATTN: Re: CVE-2019-10149: already vulnerable ?

Author: Cyborg
Date:  
To: exim-users
Subject: Re: [exim] ATTN: Re: CVE-2019-10149: already vulnerable ?
On 24.06.19 at 20:31, Andreas Metzler via Exim-users wrote:
>
> Hello Marius,
>
> would you mind explaining this? There are many differences between
> these rules


Yes ..
> J ^.*\\0?44
> M ^.*0.44
>
> J tries to match on \044 or \44, M on 0.44 and 0a44, ... 0z44


Yes, it does. It circumvented the \\\\\ problem and accepted the
implication of 0z44  etc. etc.
>
> So J rejects everything due to the first pattern, the later patterns
> should do the right thing but don't work for me.
>
> M OTOH does not match everything but is much too broad since it does
> not match on the backslash at all. Also I do not see how "jeremy's
> version will reject any x24 in any part of the message", it matches
> the local_part not the message body.
>

The problem is, as soon as J's rule was inserted into exim, it rejected
messages with \x24 in the body.

Why it does that is not yet known. It's possible that it's due to the
rest of the config in use, but as that rule should only be handled at
smtp time, there is no explanation for that behaviour yet. As you can
imagine, a mailserver must work, so I published a version that does work
without major implications.

As any exim admin should install the newest versions of exim anyway, >I<
accepted the 0z44 situation for that one mailserver until it gets
updated, just to be safe.

If J's version works with your exim, make use of it.

best regards,
Marius