Argument injection vulnerability in greylistclean.cron in sa-exim 4.2 allows remote malicious users to delete arbitrary files via an email with a To field that contains a filename separated by whitespace, which is not quoted when greylistclean.cron provides the argument to the rm command.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sa-exim sa-exim 4.0 |
||
sa-exim sa-exim 4.1 |
||
sa-exim sa-exim 4.2 |