Description
Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution as root in some unusual configurations that use the ${sort } expansion for items that can be controlled by an attacker (e.g., $local_part or $domain).
| Release | Status | Note |
|---|---|---|
| bionic | released | 4.90.1-1ubuntu1.3 |
| devel | released | 4.92-7ubuntu2 |
| disco | released | 4.92-4ubuntu1.2 |
| esm-infra-legacy/trusty | not-affected | |
| esm-infra/bionic | released | 4.90.1-1ubuntu1.3 |
| esm-infra/xenial | released | 4.86.2-2ubuntu2.4 |
| precise/esm | DNE | |
| trusty | ignored | end of standard support |
| trusty/esm | not-affected | |
| upstream | needs-triage | |
EPSS
CVSS2: 10 Critical
CVSS3: 9.8 Critical
Related vulnerabilities
A vulnerability in the Exim mail server, related to errors in handling objects in memory, that allows an attacker to escalate privileges and execute arbitrary code