Exim 4.85 up to and including 4.92 (fixed in 4.92.1) allows remote code execution as root in some unusual configurations that use the ${sort } expansion for items that can be controlled by an attacker (e.g., $local_part or $domain).
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
exim exim |
||
debian debian linux 10.0 |
||
debian debian linux 9.0 |