Viktor Dukhovni <[email protected]> wrote:
>
> FWIW, Postfix never uses gethostbyname() on systems that have
> getaddrinfo() (build configuration enables IPv6 API support).

Exim's DNS code has a rather long history :-)

> On systems with no IPv6 API Postfix only calls gethostbyname()
> after first dealing with literal address forms via inet_pton().
> In other words, literal IPv4 addresses accepted by inet_pton(),
> are never passed to gethostbyname().

Exim mostly takes a similar approach.

The specific weakness used by the Qualys exploit is that Exim will pass an
attacker-controlled string - the HELO hostname - to gethostbyname.

You can avoid this exploit by making sure your configuration leaves the
following unset in the main part of the configuration

    helo_verify_hosts
    helo_try_verify_hosts

and by not using the following in any ACLs

    verify = helo

Tony.
--
<[email protected]> <[email protected]> http://dotat.at/ ${sg{\N${sg{\
N\}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}\
\N}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
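
The configuration check described in the message above, as an added example that is not part of the original post or of Exim's own code: a Python audit that reads the text of an Exim configuration and reports `helo_verify_hosts` / `helo_try_verify_hosts` set in the main section and `verify = helo` conditions in the ACL section. The function names and the sample configuration are constructed for illustration, and the check assumes a single file: it does not follow `.include` lines or expand macros.

```python
import re

MAIN_OPTIONS = ("helo_verify_hosts", "helo_try_verify_hosts")
ACL_VERIFY_HELO = re.compile(r"(?:^|\s)!?\s*verify\s*=\s*helo\b")

def logical_lines(text):
    """Yield (first_line_no, line): comments dropped, backslash continuations joined."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        start = start or no
        if line.endswith("\\"):
            buf += line[:-1]          # keep reading the continued setting
            continue
        yield start, buf + line
        buf, start = "", None

def find_helo_verification(text):
    """Return [(line_no, section, setting)] for settings that turn on HELO verification."""
    section, findings = "main", []    # the main section comes before any "begin" line
    for no, line in logical_lines(text):
        m = re.match(r"begin\s+(\w+)$", line)
        if m:
            section = m.group(1).lower()
        elif section == "main":
            m = re.match(r"(?:hide\s+)?(\w+)\s*=", line)
            if m and m.group(1) in MAIN_OPTIONS:
                findings.append((no, section, line))
        elif section == "acl" and ACL_VERIFY_HELO.search(line):
            findings.append((no, section, line))
    return findings

# Constructed sample configuration, not taken from a real system.
SAMPLE = """\
# helo_verify_hosts = *
helo_try_verify_hosts = ! 127.0.0.1 : \\
                        *
acl_smtp_helo = acl_check_helo
begin acl
acl_check_helo:
  deny  message = bad HELO
        !verify = helo
"""

if __name__ == "__main__":
    for no, section, setting in find_helo_verification(SAMPLE):
        print(f"line {no} [{section}]: {setting}")
```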