Re: [exim] CVE-2019-10149: already vulnerable ?

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MJeremy Harris at <-
MJasen Betts at ->
Delete this message
Reply to this message
Author: Ian Zimmerman
Date:  
To: exim-users
Subject: Re: [exim] CVE-2019-10149: already vulnerable ?
On 2019-07-03 21:42, Jeremy Harris wrote:

> > \\x24 should match the literal \x24, which may be used to encode the
> > dollar sign for the unintended local_part expansion in the vulnerable
> > code.

After your important discovery that escaping is done on local parts as
part of SMTP (at least that's how I interpreted the disappearance of the
backslash from "it\z"), the next question should be but has not yet
been: why is this needed at all? Won't the whole escape sequence be
transformed into a dollar sign by the time it is matched against the
rule?

--
Please don't Cc: me privately on mailing lists and Usenet,
if you also post the followup to the list or newsgroup.
To reply privately _only_ on Usenet and on broken lists
which rewrite From, fetch the TXT record for no-use.mooo.com.

This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] TLS with gmail started failingRe: [exim] CVE-2019-10149: already vulnerable ?->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)