Re: [exim] CVE-2019-10149: already vulnerable ?

Author: Cyborg
Date:  
To: exim-users
Subject: Re: [exim] CVE-2019-10149: already vulnerable ?
On 05.07.19 at 06:26, Jasen Betts via Exim-users wrote:
>
> It looks to me like it matches any string, it should probably be ^.*\$
> which would match any string containing a literal '$'

It's a crude, brutal protection rule against a root exploit, of course
it shall block *any* $ in that string :)

>> ^.\\x24 does the same?
> matches containing literal '\x24'
>
>> but I'm stymied about the \\0.44 notation, what's that?
> assuming typo: \\0?44 matches strings containing literal '\044' and '\44'
>


octal version of \x24 aka $ .


Guys, the rules are made to even protect against "new" "inventive" forms
of encoding attacks
for a handful of servers not capable of updating, taking into account
that some non-harmful strings are also matched.

They are not meant for upgraded production servers, as they are not
needed there.

The MOTD is "better be safe, than sorry" .

If you want to make the rules better, easier, smarter, please do so, but
you are wasting time and resources you should use to upgrade your
installations.

best regards,
Marius
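
An added illustration, not part of the message above and not the rules under discussion: a Python sketch of the crude policy the thread describes, rejecting a string on a literal `$` or on the escaped spellings named in the replies (`\x24`, `\044`, `\44`). The pattern list, function names and sample addresses are assumptions constructed for this example, and Python's `re` stands in for whatever matcher the actual rules run under.

```python
import re

# Spellings of '$' named in the thread: the character itself, the hex
# escape \x24, and the octal escape \044 (or \44 without the leading zero).
# These patterns are assumptions for the example, not the thread's rules.
DOLLAR_FORMS = [
    ("literal", re.compile(r"\$")),
    ("hex-escape", re.compile(r"\\x24", re.IGNORECASE)),
    ("octal-escape", re.compile(r"\\0?44")),
]


def dollar_forms(value):
    """Return the name of every '$' spelling found anywhere in value."""
    return [name for name, rx in DOLLAR_FORMS if rx.search(value)]


def should_reject(value):
    """Crude policy: reject on any spelling of '$', accepting false positives."""
    return bool(dollar_forms(value))


# Constructed sample recipients (not taken from real traffic).
SAMPLES = [
    "alice@example.org",
    "pay$roll@example.org",        # harmless, but still rejected
    r"user\x24name@example.org",   # hex escape written out as text
    r"user\044name@example.org",   # octal escape with leading zero
    r"user\44name@example.org",    # octal escape without leading zero
    "order-044@example.org",       # no backslash, so not an escape
]


def report(samples=SAMPLES):
    """Map each sample to the list of '$' spellings that triggered."""
    return {s: dollar_forms(s) for s in samples}


if __name__ == "__main__":
    for sample, forms in report().items():
        verdict = "REJECT" if forms else "accept"
        print(f"{verdict:6}  {sample}  {forms}")
```

The `pay$roll` sample shows the trade-off stated in the message: a harmless string is rejected along with everything else that contains `$`.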