[Mimedefang] Carefully Crafted Recipient executes script?
Kevin A. McGrail
KMcGrail at PCCC.com
Tue Jun 25 16:50:00 EDT 2019
On 6/25/2019 4:25 PM, Stefan Schoeman wrote:
> Hoping someone can assist me with this...
>
> I just came across an email processed by MIMEDefang that seems to have
> had a specially crafted recipient. It seems as if the crafted
> recipient managed to coerce either my mimedefang-filter, or MIMEDefang
> itself to actually execute script. The recipient was recorded as :
It's an exim exploit CVE-2019-10149. MIMEDefang won't be affected but
you are correct what it is trying to do.
In filter_recipient, add this to reject this exploit attempt:
#EXIM EXPLOIT 2019 June
if ($recip =~ /root\+\$\{run/i) {
$explanation = "Invalid user";
$answer = 'REJECT';
return ($answer, $explanation);
}
Regards,
KAM
More information about the MIMEDefang
mailing list