[Mimedefang] Carefully Crafted Recipient executes script?

Kevin A. McGrail KMcGrail at PCCC.com
Tue Jun 25 16:50:00 EDT 2019


On 6/25/2019 4:25 PM, Stefan Schoeman wrote:
> Hoping someone can assist me with this...
>
> I just came across an email processed by MIMEDefang that seems to have
> had a specially crafted recipient. It seems as if the crafted
> recipient managed to coerce either my mimedefang-filter, or MIMEDefang
> itself to actually execute script. The recipient was recorded as : 

It's an exim exploit CVE-2019-10149.  MIMEDefang won't be affected but
you are correct what it is trying to do.

In filter_recipient, add this to reject this exploit attempt:

  #EXIM EXPLOIT 2019 June
  if ($recip =~ /root\+\$\{run/i) {
    $explanation = "Invalid user";
    $answer = 'REJECT';

    return ($answer, $explanation);
  }

Regards,

KAM




More information about the MIMEDefang mailing list