Critical vulnerability in Exim allowing code execution on the server with root privileges

A critical vulnerability (CVE-2019-10149) has been identified in the Exim mail server. It can lead to remote code execution on the server with root privileges when a specially crafted request is processed. The problem is exploitable in versions 4.87 through 4.91 inclusive; older versions are also affected if they were built with the EXPERIMENTAL_EVENT option.

In the default configuration the attack can be carried out without much difficulty by a local user, because the "verify = recipient" ACL is applied, which performs additional checks on addresses arriving from outside. A remote attack becomes possible when the configuration is changed, for example when the server acts as a secondary MX for another domain, when the "verify = recipient" ACL is removed, or with certain changes to local_part_suffix. A remote attack is also possible if the attacker can keep a connection to the server open for 7 days (for example, by sending one byte per minute to avoid the timeout). At the same time, simpler attack vectors for remote exploitation may well exist.

The vulnerability is caused by incorrect validation of the recipient address in the deliver_message() function defined in the src/deliver.c file. By manipulating the format of the address, the attacker can substitute their own data into the arguments of a command that is invoked through execv() with root privileges. Exploitation does not require the complex techniques used for buffer overflows or memory corruption; a simple substitution of characters is enough.

The problem is related to the use of the following construct for transforming the address:

deliver_localpart = expand_string(
    string_sprintf("${local_part:%s}", new->address));
deliver_domain = expand_string(
    string_sprintf("${domain:%s}", new->address));

The expand_string() function is a complex interpreter which, among other things, recognises the "${run{command arguments}}" construct that launches an external handler. Thus, to attack within an SMTP session, a local user only needs to send a command of the form RCPT TO "username+${run{...}}@localhost", where localhost is one of the hosts in the local_domains list and username is the name of an existing local user.

If the server acts as a mail relay, it is enough to send the command RCPT TO "${run{...}}@relaydomain.com" remotely, where relaydomain.com is one of the hosts listed in the relay_to_domains section of the configuration. Since Exim by default does not drop privileges (deliver_drop_privilege = false), commands passed via "${run{...}}" are executed as root.
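The expansion-injection mechanism described above, in both the local (username+${run{...}}@localhost) and relay (${run{...}}@relaydomain.com) cases, modelled as an added Python example. This is not Exim's code: toy_expand(), vulnerable_split(), safe_split() and contains_expansion_item() are hypothetical names, the toy expander supports only three expansion items, and the sample addresses are constructed, with a harmless echo standing in for the attacker's command.

```python
import re
import shlex
import subprocess

# Added example (not Exim's code): a toy model of the relevant part of
# Exim's string expander. It supports only ${local_part:...},
# ${domain:...} and ${run{...}}, which is enough to show why pasting a
# raw address into an expansion template hands the attacker a command
# execution primitive, and what the safe alternative looks like.

RUN_RE = re.compile(r"\$\{run\{([^{}]*)\}\}")
OP_RE = re.compile(r"\$\{(local_part|domain):([^{}]*)\}")

# Record of every command the toy ${run{...}} executed, for inspection.
executed_commands = []


def _run_item(m):
    """${run{cmd args}}: execute the command and substitute its stdout.
    Exim does this in the delivery process, which is root by default
    (deliver_drop_privilege = false)."""
    argv = shlex.split(m.group(1))
    executed_commands.append(argv)
    proc = subprocess.run(argv, capture_output=True, text=True, check=False)
    return proc.stdout.strip()


def _op_item(m):
    """${local_part:addr} / ${domain:addr}: split at the last '@'."""
    local_part, _, domain = m.group(2).rpartition("@")
    return local_part if m.group(1) == "local_part" else domain


def toy_expand(template):
    """Expand innermost items first and repeat until the string is stable,
    so a ${run{...}} nested inside ${local_part:...} runs before the
    operator ever sees its argument."""
    current = template
    while True:
        expanded = OP_RE.sub(_op_item, RUN_RE.sub(_run_item, current))
        if expanded == current:
            return expanded
        current = expanded


def vulnerable_split(address):
    """The pre-4.92 deliver.c pattern: the recipient address is formatted
    into an expansion template and the whole string is expanded, so any
    expansion items the attacker placed in the address are honoured."""
    local_part = toy_expand("${local_part:%s}" % address)
    domain = toy_expand("${domain:%s}" % address)
    return local_part, domain


def safe_split(address):
    """Hardened form: take local part and domain apart with plain string
    handling. Attacker-controlled bytes never reach the expander."""
    local_part, sep, domain = address.rpartition("@")
    if not sep or not local_part or not domain:
        raise ValueError("malformed address: %r" % address)
    return local_part, domain


def contains_expansion_item(address):
    """Input check usable at RCPT TO time: no legitimate envelope address
    contains an Exim expansion item, so '${' is enough to reject on."""
    return "${" in address


# Constructed inputs: a normal recipient and the attack pattern from the
# article, with a harmless 'echo' standing in for the attacker's command.
BENIGN = "alice@example.org"
MALICIOUS = "username+${run{echo pwned}}@localhost"

if __name__ == "__main__":
    print(vulnerable_split(BENIGN))      # ('alice', 'example.org')
    print(vulnerable_split(MALICIOUS))   # ('username+pwned', 'localhost'); echo ran twice
    print(executed_commands)             # [['echo', 'pwned'], ['echo', 'pwned']]
    print(safe_split(MALICIOUS))         # local part kept verbatim, nothing executed
    print(contains_expansion_item(MALICIOUS))  # True
```

The toy ${run{...}} really executes its argument (here only echo, once per expand_string() call, so twice per recipient), so run it only with the constructed inputs. The point is that the local part and domain of a recipient must be extracted without passing the untrusted string through the expander, and that an envelope address containing "${" can be rejected in the RCPT ACL before delivery starts.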

Notably, the vulnerability was fixed in release 4.92, published in February, without any mention that the fix had security implications. There is no reason to believe the Exim developers deliberately concealed the vulnerability: the problem was fixed as a side effect of correcting a failure that occurred when malformed addresses were passed, and Qualys discovered the vulnerability while auditing the changes in Exim.

For the earlier versions that are still in use in distributions, the fix is currently available only as a patch. Corrective releases for the older branches are scheduled for June 11. Package updates are being prepared for Debian, Ubuntu and openSUSE. Arch Linux and Fedora ship version 4.92, in which the problem is not present. RHEL and CentOS are not affected, since Exim is not included in their standard package repositories.

Source: opennet.ru
