https://bugs.exim.org/show_bug.cgi?id=3099
--- Comment #4 from Heiko Schlichting <[email protected]> ---

I can confirm this bug. It looks like a serious security issue to me. There should be a CVE number for it and it should definitely be fixed before Exim 4.98 is released.

Can be reproduced as follows:

-----
acl_smtp_mime = acl_check_mime

acl_check_mime:
  deny message   = This message contains an attachment of a type that we do not accept ($mime_filename).
       condition = ${if match {${lc:$mime_filename}}{\N\.exe$\N}}
  accept
-----

Sending the following mails with "exim -t". The second mail should NOT be accepted.

---------------------------- deny ---------------------------
From: [email protected]
To: [email protected]
Subject: Bug 3099 (1)
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_MIME_BOUNDARY_000_695039"

------=_MIME_BOUNDARY_000_695039
Content-Type: text/plain

This is a test mailing

------=_MIME_BOUNDARY_000_695039
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="example.exe"
Content-Transfer-Encoding: BASE64

QmVpc3BpZWwK

------=_MIME_BOUNDARY_000_695039--

---------------------------- accept ---------------------------
From: [email protected]
To: [email protected]
Subject: Bug 3099 (2)
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_MIME_BOUNDARY_000_695039"

------=_MIME_BOUNDARY_000_695039
Content-Type: text/plain

This is a test mailing

------=_MIME_BOUNDARY_000_695039
Content-Type: application/octet-stream
Content-Disposition: attachment; filename*0*="example3"; filename*1*=".exe"
Content-Transfer-Encoding: BASE64

QmVpc3BpZWwK

------=_MIME_BOUNDARY_000_695039--
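The comment above shows that a filename split into RFC 2231 continuation parameters (filename*0*, filename*1*) slips past a check that only sees a plain filename= parameter. The following added example (not code from the bug report or from Exim) rebuilds both test mails as constructed strings, runs the same ".exe" rule once over a naive filename= match and once over the reassembled name as decoded by Python's default (compat32) email parser, and shows that only the second approach denies the continuation-encoded attachment. The sender and recipient addresses and the helper names are constructed for this example.

```python
import email
import re

# Constructed messages mirroring the two test mails from the bug report.
BOUNDARY = "----=_MIME_BOUNDARY_000_695039"

def build_mail(subject, disposition):
    """Assemble a two-part multipart/mixed message whose attachment part
    carries the given Content-Disposition header (constructed sample)."""
    return (
        "From: [email protected]\r\nTo: [email protected]\r\n"
        f"Subject: {subject}\r\nMIME-Version: 1.0\r\n"
        f'Content-Type: multipart/mixed; boundary="{BOUNDARY}"\r\n\r\n'
        f"--{BOUNDARY}\r\nContent-Type: text/plain\r\n\r\nThis is a test mailing\r\n"
        f"--{BOUNDARY}\r\nContent-Type: application/octet-stream\r\n"
        f"Content-Disposition: {disposition}\r\n"
        "Content-Transfer-Encoding: BASE64\r\n\r\nQmVpc3BpZWwK\r\n"
        f"--{BOUNDARY}--\r\n"
    )

MAIL_PLAIN = build_mail("Bug 3099 (1)", 'attachment; filename="example.exe"')
MAIL_RFC2231 = build_mail("Bug 3099 (2)",
                          'attachment; filename*0*="example3"; filename*1*=".exe"')

# Same rule as the ACL in the report: lower-cased name ending in ".exe".
BLOCKED = re.compile(r"\.exe$", re.IGNORECASE)

def naive_filenames(raw):
    """Look only at a plain filename="..." parameter, so a name split into
    RFC 2231 continuations is never seen (the behaviour the bug describes)."""
    names = []
    for part in email.message_from_string(raw).walk():
        disp = part.get("Content-Disposition", "")
        m = re.search(r'filename="([^"]*)"', disp)
        if m:
            names.append(m.group(1))
    return names

def decoded_filenames(raw):
    """Let the email package join and decode the filename*N* segments
    before the extension rule is applied."""
    return [p.get_filename() for p in email.message_from_string(raw).walk()
            if p.get_filename()]

def verdict(names):
    """Mirror the ACL outcome: deny if any attachment name ends in .exe."""
    return "deny" if any(BLOCKED.search(n) for n in names) else "accept"

if __name__ == "__main__":
    for label, raw in (("plain", MAIL_PLAIN), ("rfc2231", MAIL_RFC2231)):
        print(label, "naive:", verdict(naive_filenames(raw)),
              "decoded:", verdict(decoded_filenames(raw)))
```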
