vulnerability
Exim: Exim deliver_message() Remote Command Execution Vulnerability (CVE-2019-10149)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 10 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | Jun 7, 2019 | Jun 7, 2019 | May 3, 2022 |
Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
Jun 7, 2019
Added
Jun 7, 2019
Modified
May 3, 2022
Description
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.
Solution
exim-upgrade-4_92
References
- BID-108679
- CVE-2019-10149
- https://attackerkb.com/topics/CVE-2019-10149
- DEBIAN-DSA-4456
- URL-https://www.exim.org/static/doc/security/CVE-2019-10149.txt
- URL-https://www.openwall.com/lists/oss-security/2019/06/05/2
- URL-https://www.openwall.com/lists/oss-security/2019/06/05/3
- URL-https://www.openwall.com/lists/oss-security/2019/06/05/4
- URL-https://www.openwall.com/lists/oss-security/2019/06/06/1
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.