CVE-2019-13917

Published: 25/07/2019 Updated: 07/09/2019
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Exim 4.85 up to and including 4.92 (fixed in 4.92.1) allows remote code execution as root in some unusual configurations that use the ${sort } expansion for items that can be controlled by an attacker (e.g., $local_part or $domain).

Vulnerable Product

exim exim

debian debian linux 10.0

debian debian linux 9.0

Vendor Advisories

Exim could be made to run programs as an administrator if it received specially crafted network traffic ...
Jeremy Harris discovered that Exim, a mail transport agent, does not properly handle the ${sort } expansion. This flaw can be exploited by a remote attacker to execute programs with root privileges in non-default (and unusual) configurations where ${sort } expansion is used for items that can be controlled by an attacker. For the oldstable distribu ...
Exim allows remote code execution as root in some unusual configurations that use the ${sort } expansion for items that can be controlled by an attacker (e.g., $local_part or $domain) (CVE-2019-13917) ...
Impact: Important | Public Date: 2019-07-25 | CWE: CWE-20 | Bugzilla: 1731412: CVE-2019-13917 exim: ${sort} i ...
Severity: Critical | Remote: Yes | Type: Arbitrary code execution | Description: AVG-1011 exim 4.92-1 Critical Vulnerable seclists.org/oss-sec/2019/q3/63 ...

Mailing Lists

oss-sec mailing list archives: Re: Security release pre-announcement messages. From: Greg KH ...
oss-sec mailing list archives: Re: Security release pre-announcement messages. From: Stiepan ...
oss-sec mailing list archives: Re: CVE-2019-13917 OVE-20190718-0006: Exim: security release ahead ...
oss-sec mailing list archives: Re: Security release pre-announcement messages. From: Stiepan ...
oss-sec mailing list archives: Re: CVE-2019-13917 OVE-20190718-0006: Exim: security release ahead ...
oss-sec mailing list archives: Re: CVE-2019-13917 OVE-20190718-0006: Exim: security release ahead ...
oss-sec mailing list archives: Re: CVE-2019-13917 OVE-20190718-0006: Exim: security release ahead ...
oss-sec mailing list archives: Re: CVE-2019-13917 OVE-20190718-0006: Exim: security release ahead ...