Re: [exim] ATTN: Re: CVE-2019-10149: already vulnerable ?

Top Page
Delete this message
Reply to this message
Author: Evgeniy Berdnikov
Date:  
To: exim-users
Subject: Re: [exim] ATTN: Re: CVE-2019-10149: already vulnerable ?
On Tue, Jun 25, 2019 at 03:05:43PM +0200, Cyborg via Exim-users wrote:
> Am 24.06.19 um 20:31 schrieb Andreas Metzler via Exim-users:

...
> > M OTOH does not match everything but is much to broad since it does
> > not match on the backslash at all. Also I do not see how "jeremy's
> > version will reject any x24 in any part of the message", it matches
> > the local_part not the message body.
> >
> The problem is, as soon as Js rule was inserted into exim, it rejected
> messages with \x24 in the body.
>
> Why it does it, is not yet known.  It's possible that it's due to the
> rest of the config in use, but as that rule should only be handled at
> smtp time,
> there is no explanation for that behaviour yet.


Could you post debug output (-d+all) with the rejection point
and 40-60 lines before it?
--
Eugene Berdnikov