[Mimedefang] Carefully Crafted Recipient executes script?

Dianne Skoll dianne at skoll.ca
Tue Jun 25 16:55:47 EDT 2019


On 6/25/19 4:50 PM, Kevin A. McGrail wrote:

> It's an exim exploit CVE-2019-10149.  MIMEDefang won't be affected but
> you are correct what it is trying to do.

> In filter_recipient, add this to reject this exploit attempt:

>   #EXIM EXPLOIT 2019 June
>   if ($recip =~ /root\+\$\{run/i) {
>     $explanation = "Invalid user";
>     $answer = 'REJECT';
> 
>     return ($answer, $explanation);
>   }

Thanks for the info; I was racking my brains figuring out how
MIMEDefang could have been tricked by that.

Unless you have odd email addresses, I'd simply reject and address
that contains "${".  Then you will catch variants such as
postmaster+${ etc.

Regards,

Dianne.



More information about the MIMEDefang mailing list