Re: [exim] CVE-2019-13917

Author: Andrew C Aitchison
To: exim-users
Subject: Re: [exim] CVE-2019-13917
On Thu, 25 Jul 2019, Russell King via Exim-users wrote:

> On Thu, Jul 25, 2019 at 10:04:19AM +0100, Jeremy Harris via Exim-users wrote:
>> If the effective configuration file for exim does not use sort
>> then the system is trivially declarable as not being vulnerable.
>> Use this command to check: "exim -bP config | grep sort".
> The grep expression seems to be a bit over-zealous - it'll pick up
> on, e.g., "remote_sort_domains" rather than just the sort expansion
> operator. Or is "remote_sort_domains" also implicated?
> If it's just the ${sort operator you're after, I think you want the
> grep to be:
>     grep '\${[[:space:]]*sort'
> ?

I read "trivially declarable as not being vulnerable" as saying that
failing the grep test was a necessary but not sufficient condition
for being exploitable, i.e.:
     If there is no "sort" in your running config you are safe.
     If "sort" *is* present, then you need to engage brain ...

Your test *may* be precise and accurate, but without further research
Jeremy may not have been able to be sure that it would work on all
platforms ...
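
Added example, not part of the original thread and not Exim project code: a shell function that runs both greps quoted above over a configuration dump and reports which one matched. The function name `classify_sort` and the sample configuration lines are constructed for illustration. The result `broad-only` only means the two patterns disagree; the thread does not settle whether options such as `remote_sort_domains` are implicated.

```shell
#!/bin/sh
# Classify an Exim configuration dump read on stdin.
# Prints: none        no "sort" anywhere (the broad grep finds nothing)
#         broad-only  "sort" appears, but not as the ${sort operator
#         operator    the ${sort expansion operator is present
classify_sort() {
    cfg=$(cat)
    # Broad test from the thread: any occurrence of "sort".
    if ! printf '%s\n' "$cfg" | grep -q 'sort'; then
        echo none
        return 0
    fi
    # Narrower test from the thread: the ${sort expansion operator.
    # POSIX basic regex; \$ is a literal dollar sign, { is literal.
    if printf '%s\n' "$cfg" | grep -q '\${[[:space:]]*sort'; then
        echo operator
    else
        echo broad-only
    fi
}

# Constructed sample configurations (single quotes keep ${...} literal).
CFG_NONE='primary_hostname = mail.example.org
qualify_domain = example.org'

CFG_OPTION='primary_hostname = mail.example.org
remote_sort_domains = *.example.org'

CFG_OPERATOR='primary_hostname = mail.example.org
headers_add = X-Sorted: ${sort {3:2:1}{<}{$item}}'

for name in CFG_NONE CFG_OPTION CFG_OPERATOR; do
    eval "sample=\$$name"
    printf '%s: %s\n' "$name" "$(printf '%s\n' "$sample" | classify_sort)"
done

# Against a live system (requires exim on PATH):
#   exim -bP config | classify_sort
```

Only `none` supports the "trivially not vulnerable" conclusion; either of the other two results means the configuration still has to be read by a person.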