Описание
Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution as root in some unusual configurations that use the ${sort } expansion for items that can be controlled by an attacker (e.g., $local_part or $domain).
Отчет
As per upstream, this exim security flaw only affects exim versions from 4.85 up to and including 4.92. Since Red Hat Enterprise Linux 5 ships exim-4.63, it is not affected by this flaw.
Меры по смягчению последствий
Do not use ${sort } in your exim configuration.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | exim | Not affected |
Показывать по
Дополнительная информация
Статус:
8.1 High
CVSS3
Связанные уязвимости
Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution as root in some unusual configurations that use the ${sort } expansion for items that can be controlled by an attacker (e.g., $local_part or $domain).
Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution as root in some unusual configurations that use the ${sort } expansion for items that can be controlled by an attacker (e.g., $local_part or $domain).
Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution ...
Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution as root in some unusual configurations that use the ${sort } expansion for items that can be controlled by an attacker (e.g., $local_part or $domain).
Уязвимость почтового сервера Exim, связанная с ошибками обработки объектов в памяти позволяющая нарушителю повысить свои привилегии и выполнить произвольный код
8.1 High
CVSS3