http://bugs.exim.org/show_bug.cgi?id=679
           Summary: Problems with vacation_reply
           Product: Exim
           Version: 4.66
          Platform: x86
               URL: http://www.komunix.pl
        OS/Version: FreeBSD
            Status: NEW
          Severity: security
          Priority: critical
         Component: Transports
        AssignedTo: [EMAIL PROTECTED]
        ReportedBy: [EMAIL PROTECTED]
                CC: [email protected]


There seems to be a memory leak in the vacation_reply transport.
My configuration is:
vacation_reply:
     driver = autoreply
     from = System automatycznej odpowiedzi <[EMAIL PROTECTED]>
     # "once" database: one entry per recipient so each sender is answered at most once per once_repeat
     once = /var/mail/vacation/[EMAIL PROTECTED]
     once_repeat = 1d
     subject = ${if def:h_Subject: {Re: ${quote:${escape:${length_50:$h_Subject:}}} (autoreply)} {Informacja} }
     headers = "MIME-Version: 1.0\nContent-Type: text/plain; charset=iso-8859-2\nContent-Transfer-Encoding: 8bit"
     # The body: a fixed Polish preamble followed by the user's message fetched from MySQL.
     # quote_mysql escapes quote characters in the address parts before they enter the SQL string.
     text = "\
     Witaj $h_from\n\n\
     Ta wiadomość została wygenerowana automatycznie\n\
     Tekst poniżej zawiera informację od użytkownika:\n\
     ====================================================\n\n\
     ${lookup mysql {SELECT a.Wiadomosc FROM autoreply a, domeny d, users u WHERE a.loginid = u.id AND a.domenaid = d.id AND u.login = '${quote_mysql:$local_part}' AND d.nazwa = '${quote_mysql:$domain}'}}"
     group = exim
     to = "$sender_address"

which means that exim should write database information to
/var/mail/vacation/[EMAIL PROTECTED], which it does.
The problem is that exim writes far too much information to this file.

For example I can find my encrypted root password inside this file.

I believe this is a critical security issue which should be fixed as soon
as possible. It would be possible to read this file after getting
exim privileges and then brute-force users' passwords.


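A defender-side check for the symptom described in this report, written as an added example (it is not part of the report or of Exim): scan an autoreply "once" file as raw bytes for crypt(3)-style password-hash tokens, which should never appear in a file that only records recipient addresses and timestamps. The hash patterns are a heuristic assumption, the sample bytes are constructed, and matches are redacted to the algorithm prefix so a report never re-leaks the hash.

```python
import re

# Heuristic patterns for crypt(3)-style hashes as stored in /etc/shadow:
# md5crypt ($1$), sha256crypt ($5$), sha512crypt ($6$) and bcrypt ($2a$/$2b$/$2y$).
# Assumption: any such token inside an autoreply "once" file is leaked data,
# because that file should hold nothing but addresses and timestamps.
HASH_PATTERNS = [
    re.compile(rb"\$(?:1|5|6)\$[./0-9A-Za-z]{1,16}\$[./0-9A-Za-z]{22,86}"),
    re.compile(rb"\$2[aby]\$\d\d\$[./0-9A-Za-z]{53}"),
]


def find_hash_like(data: bytes) -> list[tuple[int, bytes]]:
    """Return (offset, token) for every hash-like token in a raw file image."""
    hits = []
    for pat in HASH_PATTERNS:
        for m in pat.finditer(data):
            hits.append((m.start(), m.group(0)))
    return sorted(hits)


def redact(token: bytes) -> str:
    """Keep only the algorithm prefix so the finding can be reported safely."""
    algo = token.split(b"$")[1].decode()
    return "$" + algo + "$...(" + str(len(token)) + " bytes)"


def scan_once_file(path: str) -> list[str]:
    """Read a once file as raw bytes (it may be a DBM image) and describe each hit."""
    with open(path, "rb") as fh:
        data = fh.read()
    return [f"{path}: offset {off}: {redact(tok)}" for off, tok in find_hash_like(data)]


# Constructed sample: one legitimate address record followed by stale buffer
# contents that happen to contain a shadow-style line with a fake md5crypt hash.
SAMPLE_ONCE = (
    b"[email protected]\x00\x00\x00\x00"
    b"root:$1$saltsalt$0123456789abcdefghijkl:13000:0:99999:7:::\n"
)

if __name__ == "__main__":
    for off, tok in find_hash_like(SAMPLE_ONCE):
        print(f"offset {off}: {redact(tok)}")
```

Run `scan_once_file` over every file under the `once` directory of the transport; any hit means the file holds more than the transport's own records and should be treated as a leak of whatever memory Exim had in scope.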