CVE ID: CVE-2019-13917
OVE ID: OVE-20190718-0006
Credits: Jeremy Harris
Version(s): 4.85 up to and including 4.92
Issue: A local or remote attacker can execute programs with root
privileges - if you've an unusual configuration. For details
A vulnerability was discovered in the "sort" expansion operator. The elements of the list were expanded, giving a possible attack if the list included data supplied by an attacker.
If the effective configuration file for exim does not use sort then the system is trivially declarable as not being vulnerable. Use this command to check: "exim -bP config | grep sort".