On 6/25/19 4:50 PM, Kevin A. McGrail wrote:

> It's an exim exploit CVE-2019-10149.  MIMEDefang won't be affected but
> you are correct what it is trying to do.

> In filter_recipient, add this to reject this exploit attempt:

>   #EXIM EXPLOIT 2019 June
>   if ($recip =~ /root\+\$\{run/i) {
>     $explanation = "Invalid user";
>     $answer = 'REJECT';
> 
>     return ($answer, $explanation);
>   }

Thanks for the info; I was racking my brains figuring out how
MIMEDefang could have been tricked by that.

Unless you have odd email addresses, I'd simply reject any address
that contains "${".  Then you will catch variants such as
postmaster+${ etc.

Regards,

Dianne.
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID.  You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list [email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
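
The broader check suggested in the reply above (reject any recipient containing "${"), written out as a complete filter_recipient. This is an added example, not code from the thread or from MIMEDefang itself; the helper name has_expansion_marker and the sample addresses are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper (not part of MIMEDefang): true if the envelope
# address contains the literal two-character sequence "${" anywhere.
sub has_expansion_marker {
    my ($addr) = @_;
    return 0 unless defined $addr;
    return index($addr, '${') >= 0 ? 1 : 0;
}

# Goes in mimedefang-filter. Argument order follows the documented
# filter_recipient callback.
sub filter_recipient {
    my ($recipient, $sender, $ip, $hostname, $first, $helo,
        $rcpt_mailer, $rcpt_host, $rcpt_addr) = @_;

    if (has_expansion_marker($recipient)) {
        # Record the relay so repeated probes show up in the mail log.
        # md_syslog is only defined when running under MIMEDefang.
        md_syslog('warning',
            'Rejected recipient containing "${" from relay ' . $ip)
            if defined &md_syslog;
        return ('REJECT', 'Invalid user');
    }
    return ('CONTINUE', 'ok');
}

# Stand-alone self-check with constructed addresses; skipped when the
# file is loaded by MIMEDefang.
unless (caller) {
    my @samples = (
        '<alice@example.com>',              # ordinary address
        '<bob+lists@example.com>',          # plus-addressing is still allowed
        '<root+${run{...}}@example.com>',   # pattern from the quoted rule
        '<postmaster+${x}@example.com>',    # variant the narrower regex misses
    );
    for my $rcpt (@samples) {
        my ($answer, $why) = filter_recipient($rcpt, '<sender@example.net>',
                                              '192.0.2.10', 'relay.example.net');
        printf "%-34s %s (%s)\n", $rcpt, $answer, $why;
    }
}
```

Run stand-alone, the first two addresses return CONTINUE and the last two return REJECT.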
