------- You are receiving this mail because: -------
You are on the CC list for the bug.
http://bugs.exim.org/show_bug.cgi?id=679
Summary: Problems with vacation_reply
Product: Exim
Version: 4.66
Platform: x86
URL: http://www.komunix.pl
OS/Version: FreeBSD
Status: NEW
Severity: security
Priority: critical
Component: Transports
AssignedTo: nigel@exim.org
ReportedBy: m.cetler@komunix.pl
CC: exim-dev@exim.org
There seem to be memory leak in vacation_reply transport.
My configuration is:
vacation_reply:
driver = autoreply
from = System automatycznej odpowiedzi <${local_part}@${domain}>
once = /var/mail/vacation/vacation-$local_part@$domain.db
once_repeat = 1d
subject = ${if def:h_Subject: {Re:
${quote:${escape:${length_50:$h_Subject:}}} (autoreply)} {Informacja} }
headers = "MIME-Version: 1.0\nContent-Type: text/plain;
charset=iso-8859-2\nContent-Transfer-Encoding: 8bit"
text = "\
Witaj $h_from\n\n\
Ta wiadomość została wygenerowana automatycznie\n\
Tekst poniżej zawiera informację od użytkownika:\n\
====================================================\n\n\
${lookup mysql {SELECT a.Wiadomosc FROM autoreply a,domeny d, users u
WHERE a.loginid = u.id AND a.domenaid=d.id AND u.login='${local_part}' AND
d.nazwa='${domain}'}}"
group = exim
to = "$sender_address"
which means that exim should write database information to
/var/mail/vacation/vacation-$local_part@$domain.db which it does.
The problem is that exim writes way too many information to this file.
For example I can find my encrypted root password inside this file.
I belive this is critical security issue which should be fixed as soon
as possible. It would be possible to read this file after getting
exim privileges and then brute-force users passwords.
--
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email
--
## List details at http://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
You are on the CC list for the bug.
http://bugs.exim.org/show_bug.cgi?id=679
Summary: Problems with vacation_reply
Product: Exim
Version: 4.66
Platform: x86
URL: http://www.komunix.pl
OS/Version: FreeBSD
Status: NEW
Severity: security
Priority: critical
Component: Transports
AssignedTo: nigel@exim.org
ReportedBy: m.cetler@komunix.pl
CC: exim-dev@exim.org
There seem to be memory leak in vacation_reply transport.
My configuration is:
vacation_reply:
driver = autoreply
from = System automatycznej odpowiedzi <${local_part}@${domain}>
once = /var/mail/vacation/vacation-$local_part@$domain.db
once_repeat = 1d
subject = ${if def:h_Subject: {Re:
${quote:${escape:${length_50:$h_Subject:}}} (autoreply)} {Informacja} }
headers = "MIME-Version: 1.0\nContent-Type: text/plain;
charset=iso-8859-2\nContent-Transfer-Encoding: 8bit"
text = "\
Witaj $h_from\n\n\
Ta wiadomość została wygenerowana automatycznie\n\
Tekst poniżej zawiera informację od użytkownika:\n\
====================================================\n\n\
${lookup mysql {SELECT a.Wiadomosc FROM autoreply a,domeny d, users u
WHERE a.loginid = u.id AND a.domenaid=d.id AND u.login='${local_part}' AND
d.nazwa='${domain}'}}"
group = exim
to = "$sender_address"
which means that exim should write database information to
/var/mail/vacation/vacation-$local_part@$domain.db which it does.
The problem is that exim writes way too many information to this file.
For example I can find my encrypted root password inside this file.
I belive this is critical security issue which should be fixed as soon
as possible. It would be possible to read this file after getting
exim privileges and then brute-force users passwords.
--
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email
--
## List details at http://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##