[Mimedefang] Carefully Crafted Recipient executes script?
Dianne Skoll
dianne at skoll.ca
Tue Jun 25 16:55:47 EDT 2019
On 6/25/19 4:50 PM, Kevin A. McGrail wrote:
> It's an exim exploit CVE-2019-10149. MIMEDefang won't be affected but
> you are correct what it is trying to do.
> In filter_recipient, add this to reject this exploit attempt:
> #EXIM EXPLOIT 2019 June
> if ($recip =~ /root\+\$\{run/i) {
> $explanation = "Invalid user";
> $answer = 'REJECT';
>
> return ($answer, $explanation);
> }
Thanks for the info; I was racking my brains figuring out how
MIMEDefang could have been tricked by that.
Unless you have odd email addresses, I'd simply reject and address
that contains "${". Then you will catch variants such as
postmaster+${ etc.
Regards,
Dianne.
More information about the MIMEDefang
mailing list