On 6/25/2019 4:25 PM, Stefan Schoeman wrote:
> Hoping someone can assist me with this...
>
> I just came across an email processed by MIMEDefang that seems to have
> had a specially crafted recipient. It seems as if the crafted
> recipient managed to coerce either my mimedefang-filter, or MIMEDefang
> itself to actually execute script. The recipient was recorded as : 

It's an Exim exploit, CVE-2019-10149.  MIMEDefang won't be affected, but
you are correct about what it is trying to do.

In filter_recipient, add this to reject this exploit attempt:

  #EXIM EXPLOIT 2019 June
  if ($recip =~ /root\+\$\{run/i) {
    $explanation = "Invalid user";
    $answer = 'REJECT';

    return ($answer, $explanation);
  }

Regards,

KAM

_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID.  You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
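
The check from the reply above, written out as a complete filter_recipient sub. This is an added example, not code from the thread or from the MIMEDefang project. It goes beyond the posted pattern by matching the "${run" expansion item anywhere in the recipient rather than only after "root+". The helper name has_exim_run_expansion and all sample addresses are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# True if the envelope recipient contains an Exim "${run" expansion item,
# wherever it appears in the address (assumption: broader than the
# "root+" prefix matched in the reply above).
sub has_exim_run_expansion {
    my ($recip) = @_;
    return 0 unless defined $recip;
    return $recip =~ /\$\{run\b/i ? 1 : 0;
}

# Same argument order as the filter_recipient hook in mimedefang-filter(5).
sub filter_recipient {
    my ($recipient, $sender, $ip, $hostname, $first, $helo,
        $rcpt_mailer, $rcpt_host, $rcpt_addr) = @_;

    if (has_exim_run_expansion($recipient)) {
        # md_syslog is only defined when running inside MIMEDefang.
        # Only the relay IP is logged, not the raw recipient string.
        md_syslog('warning', "Rejected Exim expansion probe from $ip")
            if defined &md_syslog;
        return ('REJECT', 'Invalid user');
    }
    return ('CONTINUE', 'ok');
}

# Constructed sample recipients (not taken from the thread); this part
# runs only when the file is executed directly, not when it is loaded
# as a filter.
unless (caller) {
    my @samples = (
        '<alice@example.com>',
        '<root+${run{CONSTRUCTED}}@example.com>',
        '<${RUN{CONSTRUCTED}}@example.com>',
        '<bob+run@example.com>',
    );
    for my $rcpt (@samples) {
        my ($answer, $why) =
            filter_recipient($rcpt, '<sender@example.net>', '192.0.2.10');
        printf "%-45s %s (%s)\n", $rcpt, $answer, $why;
    }
}
```

Run directly, the script prints one line per sample recipient: the two addresses carrying "${run" are rejected and the other two continue.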
