Re: [exim] CVE-2019-10149: already vulnerable ?

Author: Ian Zimmerman
Date:  
To: exim-users
Subject: Re: [exim] CVE-2019-10149: already vulnerable ?
On 2019-07-03 21:42, Jeremy Harris wrote:

> > \\x24 should match the literal \x24, which may be used to encode the
> > dollar sign for the unintended local_part expansion in the vulnerable
> > code.


After your important discovery that escaping is done on local parts as
part of SMTP (at least that's how I interpreted the disappearance of the
backslash from "it\z"), the next question should be but has not yet
been: why is this needed at all? Won't the whole escape sequence be
transformed into a dollar sign by the time it is matched against the
rule?

--
Please don't Cc: me privately on mailing lists and Usenet,
if you also post the followup to the list or newsgroup.
To reply privately _only_ on Usenet and on broken lists
which rewrite From, fetch the TXT record for no-use.mooo.com.