http://bugs.exim.org/show_bug.cgi?id=679

           Summary: Problems with vacation_reply
           Product: Exim
           Version: 4.66
          Platform: x86
               URL: http://www.komunix.pl
        OS/Version: FreeBSD
            Status: NEW
          Severity: security
          Priority: critical
         Component: Transports
        AssignedTo: [EMAIL PROTECTED]
        ReportedBy: [EMAIL PROTECTED]
                CC: [email protected]

There seems to be a memory leak in the vacation_reply transport. My configuration is:

vacation_reply:
  driver = autoreply
  from = System automatycznej odpowiedzi <[EMAIL PROTECTED]>
  once = /var/mail/vacation/[EMAIL PROTECTED]
  once_repeat = 1d
  subject = ${if def:h_Subject: {Re: ${quote:${escape:${length_50:$h_Subject:}}} (autoreply)} {Informacja} }
  headers = "MIME-Version: 1.0\nContent-Type: text/plain; charset=iso-8859-2\nContent-Transfer-Encoding: 8bit"
  text = "\
    Witaj $h_from\n\n\
    Ta wiadomość została wygenerowana automatycznie\n\
    Tekst poniżej zawiera informację od użytkownika:\n\
    ====================================================\n\n\
    ${lookup mysql {SELECT a.Wiadomosc FROM autoreply a,domeny d, users u WHERE a.loginid = u.id AND a.domenaid=d.id AND u.login='${local_part}' AND d.nazwa='${domain}'}}"
  group = exim
  to = "$sender_address"

which means that exim should write database information to /var/mail/vacation/[EMAIL PROTECTED], which it does. The problem is that exim writes way too much information to this file. For example, I can find my encrypted root password inside this file.

I believe this is a critical security issue which should be fixed as soon as possible. It would be possible to read this file after getting exim privileges and then brute-force users' passwords.
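
A defender-side check for the symptom reported above, as an added example that is not part of the bug report or of Exim: it scans the raw bytes of an autoreply `once` file for strings shaped like modular-crypt password hashes and reports where they sit without printing the hashes. The hash formats, the `scan` function and the sample bytes are assumptions constructed for illustration.

```python
import re
import sys

# Modular-crypt-format hashes as found in master.passwd / shadow files.
# Assumption: the leaked password hash uses one of these formats.
C = rb"[./A-Za-z0-9]"
SCHEMES = {
    "md5-crypt": re.compile(rb"\$1\$" + C + rb"{1,8}\$" + C + rb"{22}"),
    "bcrypt": re.compile(rb"\$2[abxy]?\$\d\d\$" + C + rb"{53}"),
    "sha256-crypt": re.compile(
        rb"\$5\$(?:rounds=\d+\$)?" + C + rb"{1,16}\$" + C + rb"{43}"),
    "sha512-crypt": re.compile(
        rb"\$6\$(?:rounds=\d+\$)?" + C + rb"{1,16}\$" + C + rb"{86}"),
}
# passwd-style "name:" field sitting directly in front of a hash
ACCOUNT = re.compile(rb"([A-Za-z_][A-Za-z0-9_.-]{0,31}):$")

# Constructed sample: one legitimate once-file record (a sender address and a
# timestamp) followed by stray memory holding a passwd-style line. The hash
# is a fake placeholder, not a real credential.
SAMPLE = (
    b"\x00\x01sender@example.org\x00\x00\x00\x00G\x1c\x9a\x10\x00\x00"
    b"root:$1$Zx3kQ9aB$" + b"A" * 22 + b":0:0::0:0:Charlie &:/root:/bin/csh\n\x00"
)


def scan(data: bytes):
    """Return sorted (offset, scheme, account) for each hash-shaped string."""
    hits = []
    for scheme, rx in SCHEMES.items():
        for m in rx.finditer(data):
            # Look at the bytes just before the hash for an account name.
            before = ACCOUNT.search(data[max(0, m.start() - 33):m.start()])
            account = before.group(1).decode() if before else None
            hits.append((m.start(), scheme, account))
    return sorted(hits)


if __name__ == "__main__":
    # Pass the path of a once file, or run without arguments for the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = SAMPLE
    for offset, scheme, account in scan(data):
        # Report location and type only; never echo the hash itself.
        print(f"offset {offset}: {scheme} hash, account field: {account}")
```

Any hit means the file holds data that was never meant to be stored there, so restrict access to it and rotate the affected passwords.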
