Re: [exim] CVE-2019-10149: already vulnerable ?

Góra strony
Delete this message
Reply to this message
Autor: Heiko Schlittermann
Data:  
Dla: exim-users
Temat: Re: [exim] CVE-2019-10149: already vulnerable ?
Marc Haber via Exim-users <exim-users@???> (Mi 03 Jul 2019 18:17:24 CEST):
> On Sun, 23 Jun 2019 20:02:33 +0100, Jeremy Harris via Exim-users
> <exim-users@???> wrote:
> >  deny  local_parts = \N ^.*$ : ^.*\\x24 : ^.*\\0?44 \N
> >        message = no mate

>
> This might be a really stupid question, but what exactly does that do?
>
> ^.*$ blocks local_parts containing a $
> ^.\\x24 does the same?
> but I'm stymied about the \\0.44 notation, what's that?


From my POV ^.*$ matches *any* local_part, as $ is the string's end anchor, isn't it?.
But I can't imagine that such mistake happens to Jeremy, so I assume, I'm missing the point here.

\\x24 should match the literal \x24, which may be used to encode the
dollar sign for the unintended local_part expansion in the vulnerable
code.

\\044 and \\44 may encode the dollar sign in base8 notation, with and
w/o the leading zero. Both are collapsed into \\0?44

But I may be totally wrong here.

--
Heiko