Описание
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| exim4 | fixed | 4.92~RC3-1 | package | |
| exim4 | not-affected | jessie | package |
Примечания
https://www.openwall.com/lists/oss-security/2019/06/04/1
https://www.exim.org/static/doc/security/CVE-2019-10149.txt
https://www.openwall.com/lists/oss-security/2019/06/06/1
https://github.com/Exim/exim/commit/7ea1237c783e380d7bdb86c90b13d8203c7ecf26 (exim-4.92-RC1)
https://git.exim.org/exim.git/commit/d740d2111f189760593a303124ff6b9b1f83453d (exim-4_91+fixes)
Связанные уязвимости
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.