CVE-2019-10149

Published: 05/06/2019 | Updated: 11/06/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Exim could allow a remote attacker to execute arbitrary code on the system.

Affected Products

Vendor | Product | Versions
Exim | Exim | 4.87, 4.91

Vendor Advisories

Exim could be made to run commands if it received specially crafted network traffic ...
The Qualys Research Labs reported a flaw in Exim, a mail transport agent. Improper validation of the recipient address in the deliver_message() function may result in the execution of arbitrary commands. For the stable distribution (stretch), this problem has been fixed in version 4.89-2+deb9u4. We recommend that you upgrade your exim4 packages. Fo ...
A flaw was found in Exim versions 4.87 to 4.91 before release 1.20 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution (CVE-2019-10149) ...
A flaw was found in the way exim validated recipient addresses. A remote attacker could use this flaw to execute arbitrary commands on the exim server with the permissions of the user running the application ...

Exploits

Qualys Security Advisory: The Return of the WIZard: RCE in Exim (CVE-2019-10149). Contents: Summary; Local exploitation; Remote exploitation (Non-default configurations, Default configuration); Acknowledgm ...

Mailing Lists

Debian Security Advisory DSA-4456-1 | security@debian.org | www.debian.org/security/ | Salvatore Bonaccorso | June 05, 2019 | www.debian.org/security/faq ...
Qualys Security Advisory: The Return of the WIZard: RCE in Exim (CVE-2019-10149). Contents: Summary; Local exploitation; Remote exploitation (Non-default configurations, Default configuration); Acknowledgm ...
The fix for CVE-2019-10149 is public now: git.exim.org/exim.git, branch exim-4_91+fixes. Thank you to - Qualys for reporting it - Jeremy for fixing it - you for using Exim. Sorry for confusion about the public release. We were forced to react, as details leaked. The patch should apply cleanly to all affected version ...
Hi, our non-public security Git repo is ssh://git@git.exim.org/exim.git. Access is granted to the known and trusted SSH keys we have. The branch fix-CVE-2019-10149 contains the fix. It is one commit ahead of the exim-4_91+fixes branch and we'll eventually merge it into the +fixes branch. The relevant commit is d740d2111f189760593a303124f ...
CVE-2019-10149 Exim 4.87 to 4.91: We received a report of a possible remote exploit. Currently there is no evidence of an active use of this exploit. A patch exists already, is being tested, and backported to all versions we released since (and including) 4.87. The severity depends on your configuration. It dep ...
Hi all, On Wed, Jun 05, 2019 at 05:19:44PM +0200, Heiko Schlittermann wrote: As per the distros list policy: Below is an abridged version of our advisory (with all the vulnerability details, but without exploitation details); we will publish the complete version in 24 hours, or as soon as third-party exploits are published, whichever happens fi ...

Github Repositories

Exploits: Miscellaneous proof of concept exploit code for testing purposes. Current Exploits: Exim 4.87 < 4.91 LPE (CVE-2019-10149). Licence: See individual exploits for their respective licences. Bug Reports: I'll take the quality of our exploit code very seriously. If you find a bug, or an edge case where an exploit fails to succeed against a vulnerable target, do le

PoC-CVE-2019-10149_Exim: Script in python3 for a PoC of the vulnerability CVE-2019-10149 with CVSS v3 9.8. This vulnerability could be exploited in versions between 4.87 to 4.91 of Exim server

CVE-2019-10149-quick: Simple Bash shell quick fix CVE-2019-10149

eximrce: Simple python socket connection to test if exim is vulnerable to CVE-2019-10149. The payload simply touches a file in /root/lweximtest. Output will be slow depending on server's reply. Run locally on suspected server. This checks for indication of compromise: curl -s raw.githubusercontent.com/cowbe0x004/eximrce-CVE-2019-10149/master/eximioc.sh | bash. Run remo

eximrce: NOT DONE. Simple python socket connection to test if exim is vulnerable to CVE-2019-10149. The payload simply touches a file in /tmp/eximrce

Recent Articles

Millions of Linux Servers Under Worm Attack Via Exim Flaw
Threatpost • Lindsey O'Donnell • 14 Jun 2019

A widespread campaign is exploiting a vulnerability in the Exim mail transport agent (MTA) to gain remote command-execution on victims’ Linux systems. Researchers say that currently more than 3.5 million servers are at risk from the attacks, which are using a wormable exploit.
Specifically under attack is a flaw in Exim-based mail servers, which run almost 57 percent of the internet’s email servers. Attackers are exploiting the flaw, discovered last week, to take control of the victim ...

Critical bug found in popular mail server software
welivesecurity • Tomáš Foltýn • 07 Jun 2019

Exim, the popular mail transfer agent (MTA) software, contains a critical-rated vulnerability that can, in some scenarios, enable remote attackers to run commands of their choice on unpatched mail servers, researchers from Qualys have found.
Tracked under CVE-2019-10149, the remote command execution flaw impacts Exim installations 4.87 through 4.91. The bug was fixed with the latest version (4.92) of the open-source software, albeit, by all accounts, unknowingly. According to Qualys, the i...