Opened 5 years ago
Closed 5 years ago
#12321 closed enhancement (fixed)
exim-4.92.1
Reported by: | Bruce Dubbs | Owned by: | Tim Tassonis |
---|---|---|---|
Priority: | normal | Milestone: | 9.0 |
Component: | BOOK | Version: | SVN |
Severity: | normal | Keywords: | |
Cc: |
Description
New point version.
CVE ID: CVE-2019-13917
OVE ID: OVE-20190718-0006
Date: 2019-07-18
Credits: Jeremy Harris
Version(s): 4.85 up to and including 4.92
Issue: A local or remote attacker can execute programs with root
Coordinated Release Date (CRD) for Exim 4.92.1:
Contact: exim-security@…
We released Exim 4.92.1. This is a security update based on 4.92.
Conditions to be vulnerable
===========================
You are vulnerable if your configuration uses the ${sort } expansion for items that can be controlled by an attacker (e.g. $local_part, $domain). The default config, as shipped by the Exim developers, does not contain ${sort }.
Details
=======
The vulnerability is exploitable either remotely or locally and could be used to execute other programs with root privilege. The ${sort } expansion re-evaluates its items.
Mitigation
==========
Do not use ${sort } in your configuration.
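A defender-side check for the conditions and mitigation above, added here as an example that is not part of the Exim advisory or the BLFS ticket: it lists ${sort } uses in a configuration file, flags those touching the attacker-controllable variables the advisory names, and classifies a version string against the affected range. The function names and the sample macro lines are constructed for illustration.

```shell
# Added example; not code from the Exim advisory or the BLFS ticket.
# Audits an Exim configuration file for ${sort } expansions (the advisory's
# mitigation is to avoid them), flags those that reference the attacker-
# controllable variables it names ($local_part, $domain), and classifies
# a version string against the affected range. Needs POSIX sh, grep, wc
# and mktemp only; nothing here talks to a running Exim.

# Every line (with its number) of config file $1 that contains ${sort.
find_sort_expansions() {
    grep -n '\${sort' "$1"
}

# Subset of the above that also mentions $local_part or $domain.
find_risky_sort_expansions() {
    find_sort_expansions "$1" | grep -E '\$(local_part|domain)'
}

# Number of risky lines as a bare integer (0 when there are none).
count_risky_sort_expansions() {
    find_risky_sort_expansions "$1" | wc -l | tr -d ' '
}

# Classify an Exim version string: 4.85 up to and including 4.92 is
# affected; 4.92.1 and later, or anything outside that range, is not.
exim_version_affected() {
    ver=$1; major=${ver%%.*}; rest=${ver#*.}; minor=${rest%%.*}
    patch=${rest#*.}; [ "$patch" = "$rest" ] && patch=0
    if [ "$major" -eq 4 ] && [ "$minor" -ge 85 ] &&
       { [ "$minor" -lt 92 ] || { [ "$minor" -eq 92 ] && [ "$patch" -eq 0 ]; }; }
    then echo affected
    else echo not-affected
    fi
}

# Constructed sample config (macro definitions only, not a real site
# config) with two risky ${sort } uses and one over a fixed list;
# prints the path of the temporary file it writes.
make_sample_config() {
    f=$(mktemp) || return 1
    cat >"$f" <<'EOF'
SORTED_RCPT = ${sort{$local_part:$domain}{<}{$item}}
SORTED_DOM  = ${sort{$domain}{lt}{$item}}
FIXED_ORDER = ${sort{3:2:1}{<}{$item}}
EOF
    echo "$f"
}
```

Source the file and run `find_risky_sort_expansions /path/to/exim.conf` against a real configuration; a non-empty result means the advisory's condition applies and the ${sort } uses should be removed.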