On 6/25/2019 4:25 PM, Stefan Schoeman wrote:
> Hoping someone can assist me with this...
>
> I just came across an email processed by MIMEDefang that seems to have
> had a specially crafted recipient. It seems as if the crafted
> recipient managed to coerce either my mimedefang-filter, or MIMEDefang
> itself to actually execute script. The recipient was recorded as :

It's an Exim exploit, CVE-2019-10149. MIMEDefang won't be affected, but you are correct about what it is trying to do.

In filter_recipient, add this to reject this exploit attempt:

    #EXIM EXPLOIT 2019 June
    if ($recip =~ /root\+\$\{run/i) {
        $explanation = "Invalid user";
        $answer = 'REJECT';
        return ($answer, $explanation);
    }

Regards,
KAM
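
An added example, not part of the original message or of MIMEDefang: a stand-alone Perl script that runs the regex from the reply over recipients pulled from log lines, to show what it catches and what it leaves alone. The broader `${run{` check, the names classify_recipient and scan_lines, the sendmail-style `to=<...>` field and the sample lines are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Pattern from the reply: "root+${run" anywhere in the recipient, any case.
my $POST_RE  = qr/root\+\$\{run/i;
# Broader check (assumption, not from the reply): a "${run{" expansion item
# after any local part, not only "root+".
my $BROAD_RE = qr/\$\{run\{/i;

sub classify_recipient {
    my ($recip) = @_;
    return 'post-pattern' if $recip =~ $POST_RE;
    return 'broad-only'   if $recip =~ $BROAD_RE;
    return 'clean';
}

# Extract every to=<...> recipient from the given lines and return
# [line number, recipient, verdict] for each one that is not clean.
sub scan_lines {
    my @hits;
    my $n = 0;
    for my $line (@_) {
        $n++;
        while ($line =~ /\bto=<([^>]*)>/g) {
            my $rcpt    = $1;    # copy before running further matches
            my $verdict = classify_recipient($rcpt);
            push @hits, [$n, $rcpt, $verdict] unless $verdict eq 'clean';
        }
    }
    return @hits;
}

# Constructed sample lines. The log layout is an assumption and the text
# inside ${run{...}} is a harmless placeholder, not a command.
my @sample = (
    'Jun 25 16:20:01 mx sendmail[101]: x5PA: to=<alice@example.com>, stat=Sent',
    'Jun 25 16:20:02 mx sendmail[102]: x5PB: to=<root+alerts@example.com>, stat=Sent',
    'Jun 25 16:20:03 mx sendmail[103]: x5PC: to=<root+${run{PLACEHOLDER}}@example.com>, stat=User unknown',
    'Jun 25 16:20:04 mx sendmail[104]: x5PD: to=<ROOT+${RUN{PLACEHOLDER}}@example.com>, stat=User unknown',
    'Jun 25 16:20:05 mx sendmail[105]: x5PE: to=<postmaster+${run{PLACEHOLDER}}@example.com>, stat=User unknown',
);

printf "line %d: %-12s %s\n", @$_[0, 2, 1] for scan_lines(@sample);
```

Ordinary plus-addressing such as root+alerts@example.com stays clean, while a recipient whose local part does not start with root is only caught by the broader pattern.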