Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.8
CVSSv3

CVE-2019-15846

Published: 06/09/2019 Updated: 07/11/2023
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 892
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Exim

Vulnerability Summary

Exim prior to 4.92.2 allows remote malicious users to execute arbitrary code as root via a trailing backslash.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

exim exim

debian debian linux 8.0

debian debian linux 9.0

debian debian linux 10.0

Vendor Advisories

Debian Security Advisories: DSA-4517-1 exim4 -- security update
"Zerons" and Qualys discovered that a buffer overflow triggerable in the TLS negotiation code of the Exim mail transport agent could result in the execution of arbitrary code with root privileges For the oldstable distribution (stretch), this problem has been fixed in version 489-2+deb9u6 For the stable distribution (buster), this problem has be ...
Ubuntu Security Notice: exim4 vulnerability
Exim could be made to run programs as an administrator if it received specially crafted network traffic ...
Ubuntu Security Notice: exim4 vulnerability
Exim could be made to run programs as an administrator if it received specially crafted network traffic ...
Amazon Linux AMI: ALAS-2019-1277
Exim before 4922 allows remote attackers to execute arbitrary code as root via a trailing backslash(CVE-2019-15846) ...
Red Hat: CVE-2019-15846
Impact: Critical Public Date: 2019-09-06 CWE: CWE-119->CWE-787 Bugzilla: 1748397: CVE-2019-15846 exi ...
Arch Linux Issues:
Exim before 4922 allows remote attackers to execute arbitrary code as root via a trailing backslash ...

Mailing Lists

Full Disclosure: Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges.
<!--X-Body-Begin--> <!--X-User-Header--> oss-sec mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges <!--X-Subject-Header-End--> <!- ...
Full Disclosure: Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges.
<!--X-Body-Begin--> <!--X-User-Header--> oss-sec mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges <!--X-Subject-Header-End--> <!- ...
Full Disclosure: Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges.
<!--X-Body-Begin--> <!--X-User-Header--> oss-sec mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges <!--X-Subject-Header-End--> <!- ...
Full Disclosure: Re: Sv: [exim] CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges
<!--X-Body-Begin--> <!--X-User-Header--> oss-sec mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> Re: Sv: [exim] CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges <!--X-Subject-Header- ...
Full Disclosure: Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges.
<!--X-Body-Begin--> <!--X-User-Header--> oss-sec mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges <!--X-Subject-Header-End--> <!- ...

Github Repositories

https://github.com/synacktiv/Exim-CVE-2019-15846

PoC materials to exploit CVE-2019-15846

Exim CVE-2019-15846 PoC materials to exploit CVE-2019-15846 Blogpost explaining the PoC is available on Synacktiv Blog This PoC help generate spool files used exploit a heap overflow in exim Two example spool files are given in 1i7Jgy-0002dD-Pb-D and 1i7Jgy-0002dD-Pb-H A specialy crafted spool header file can be generated with exgenpy

https://github.com/area1/exim-cve-2019-10149-data

Data Collection Related to Exim CVE-2019-10149

Exim CVE Data Collection Data Collection Related to Exim Vulnerabilities CVE-2019-10149, CVE-2019-15846, CVE-2019-16928 CVE Announcement: cvemitreorg/cgi-bin/cvenamecgi?name=CVE-2019-10149 Exploit Details: wwwexploit-dbcom/exploits/46974 Issue Timeline: seclistsorg/fulldisclosure/2019/Jun/16 NSA Advisory: mediadefensegov/2020/May/28/2002

https://github.com/paulfariello-syn/Exim-CVE-2019-15846

PoC materials to exploit CVE-2019-15846

Exim CVE-2019-15846 PoC materials to exploit CVE-2019-15846 Blogpost explaining the PoC is available on Synacktiv Blog This PoC help generate spool files used exploit a heap overflow in exim Two example spool files are given in 1i7Jgy-0002dD-Pb-D and 1i7Jgy-0002dD-Pb-H A specialy crafted spool header file can be generated with exgenpy

https://github.com/iGotRootSRC/Dorkers

Dorks for Google, Shodan and BinaryEdge

Dorks are cool Dorks for Google, Shodan and BinaryEdge Only for use on bug bounty programs or in cordination with a legal security assesment I am in no way responsible for the usage of these search queries Be responsible thanks - wwwbugcrowdcom/resource/what-is-responsible-disclosure/ This repository is "under construction" feel free to make pull requests

https://github.com/d3k4z/nmap-cve2019-15846

nmap-cve2019-15846 Exim before 4922 allows remote attackers to execute arbitrary code as root via a trailing backslash The vulnerability is exploitable by sending a SNI ending in a backslash-null sequence during the initial TLS handshake The exploit exists as a POC For more details see doc/doc-txt/cve-2019-15846/ in the source code repository Reference: eximorg/s

Recent Articles

Stop us if you've heard this one before: Yet another critical flaw threatens Exim servers
The Register • Shaun Nichols in San Francisco • 30 Sep 2019

Remote code flaw sparks calls for major updates Exim marks the spot… of remote code execution: Patch due out today for 'give me root' flaw in mail server

Admins of Linux and Unix boxes running Exim would be well-advised to update the software following the disclosure of another critical security flaw. The Exim 4.92.3 patch, released on September 28th, includes a fix to close up the CVE-2019-16928 flaw. Discovered by bug-hunters with the QAX A-Team, the vulnerability is caused by a buffer overflow error that occurs when Exim processes an extremely long string in an Extended HELO (EHLO) Extended Simple Mail Transfer Protocol (ESMTP) command message...

Read more...
Exim marks the spot… of remote code execution: Patch due out today for 'give me root' flaw in mail server
The Register • Shaun Nichols in San Francisco • 06 Sep 2019

Install incoming update to avoid having your boxes hijacked Buffer overflow in Unix mailer Exim imperils 400,000 email servers

The widely used Exim email server software is due to be patched today to close a critical security flaw that can be exploited to potentially gain root-level access to the machine. The programming blunder can be abused over the network, or internet if the server is public facing, or by logged-in users to completely commandeer vulnerable installations, steal or tamper with data, install spyware, and so on. The vulnerability, designated CVE-2019-15846, has been kept under tight wraps. Details of th...

Read more...

References

NVD-CWE-noinfohttp://exim.org/static/doc/security/CVE-2019-15846.txthttps://www.openwall.com/lists/oss-security/2019/09/06/1https://lists.debian.org/debian-lts-announce/2019/09/msg00004.htmlhttps://seclists.org/bugtraq/2019/Sep/13http://www.openwall.com/lists/oss-security/2019/09/06/2https://www.debian.org/security/2019/dsa-4517https://usn.ubuntu.com/4124-1/https://www.kb.cert.org/vuls/id/672565http://www.openwall.com/lists/oss-security/2019/09/06/4http://www.openwall.com/lists/oss-security/2019/09/06/5http://www.openwall.com/lists/oss-security/2019/09/06/6https://security.gentoo.org/glsa/201909-06http://www.openwall.com/lists/oss-security/2019/09/06/8http://www.openwall.com/lists/oss-security/2019/09/07/2http://www.openwall.com/lists/oss-security/2019/09/07/1http://www.openwall.com/lists/oss-security/2019/09/08/1http://www.openwall.com/lists/oss-security/2019/09/09/1http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00024.htmlhttps://usn.ubuntu.com/4124-2/https://exim.org/static/doc/security/CVE-2019-15846.txthttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NDF37AUNETIOXY6ZLQAUBGBVUTMMV242/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FT3GY7V7SR2RHKNZNQCGXFWUSILVSZNU/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SBNHDAF74RI6VK2JVSEIE3VYNL7JJDYM/https://nvd.nist.govhttps://www.debian.org/security/2019/dsa-4517https://usn.ubuntu.com/4124-1/https://www.kb.cert.org/vuls/id/672565
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
deserializationCVE-2024-4040cross-site scriptingCVE-2023-25790CVE-2024-2961XML external entityCVE-2024-26926CVE-2024-32806CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook