Re: [exim] Tainted filename for search in Exim 4.94-1

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Jeremy Harris
Date:  
À: exim-users
Sujet: Re: [exim] Tainted filename for search in Exim 4.94-1
On 19/06/2020 17:33, Patrick Porteous via Exim-users wrote:
> I'm having the same problem as Vladislav Georgiev after upgrading from
> 4.93.3 to 4.94-1.  After applying the update, I receive the following
> error when trying to send from any of my domains.  Is this a bug or is
> this something I need to change in my config file for the new version? 


> 2020-06-19 07:54:17 H=mail.example.com ([192.168.1.###]) [##.###.###.##]
> sender verify defer for <sender@???>: failed to expand
> "${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim/domains/$domain/aliases}}}}":
> NULL


It is something you need to change in your configuration.

You are using an unsafe construction for the
file in which you are doing an lsearch.

Consider that the domain, the result of expanding $domain,
is fully under the control of a potential attacker.
It could, for example, contain the letter sequence "../".
--
Cheers,
Jeremy