Copy
CVE ID: CVE-2019-13917
OVE ID: OVE-20190718-0006
Date: 2019-07-18
Credits: Jeremy Harris
Version(s): 4.85 up to and including 4.92
Issue: A local or remote attacker can execute programs with root
privileges - if you've an unusual configuration. For details
see below.

Details:

A vulnerability was discovered in the "sort" expansion operator. The elements of the list were expanded, giving a possible attack if the list included data supplied by an attacker.

If the effective configuration file for exim does not use sort then the system is trivially declarable as not being vulnerable. Use this command to check: "exim -bP config | grep sort".

Reference:

https://lists.gt.net/exim/announce/112500

==============================================

UNSUBSCRIBE:
https://hostingseclist.us3.list-manage.com/unsubscribe?u=722bc323a024d15a407baae81&id=f512fc2224&e=[UNIQID]&c=acc81c241b

FORWARD EMAIL:
http://us3.forward-to-friend.com/forward?u=722bc323a024d15a407baae81&id=acc81c241b&e=[UNIQID]

UPDATE PROFILE:
https://hostingseclist.us3.list-manage.com/profile?u=722bc323a024d15a407baae81&id=f512fc2224&e=[UNIQID]