Re: [exim] CVE-2019-15846: Exim - local or remote attacker c…

Author: Marco Gaiarin
Date:  
To: Heiko Schlittermann via Exim-users
CC: exim-users
Subject: Re: [exim] CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges.
Hello! Heiko Schlittermann via Exim-users
On that day it was said...

> Add - as part of the mail ACL (the ACL referenced by the main config
> option "acl_smtp_mail"):
>      deny    condition = ${if eq{\\}{${substr{-1}{1}{$tls_in_sni}}}}
>      deny    condition = ${if eq{\\}{${substr{-1}{1}{$tls_in_peerdn}}}}


For very old Exim, e.g. 4.80, there are no _in_ and _out_ variables, so:

    deny    condition = ${if eq{\\}{${substr{-1}{1}{$tls_sni}}}}
    deny    condition = ${if eq{\\}{${substr{-1}{1}{$tls_peerdn}}}}


as:
    https://www.exim.org/exim-html-4.80/doc/html/spec_html/ch-variable_index.html


-- 
  The ship is now in the hands of the ship's cook, and what the
  captain's megaphone transmits is no longer the course but what
  we will eat tomorrow.            (Sören Kierkegaard)