Exim prior to 4.92.2 allows remote malicious users to execute arbitrary code as root via a trailing backslash.
Vulnerable Product |
---|
exim exim |
debian debian linux 8.0 |
debian debian linux 9.0 |
debian debian linux 10.0 |
Remote code flaw sparks calls for major updates
Exim marks the spot… of remote code execution: Patch due out today for 'give me root' flaw in mail server
Admins of Linux and Unix boxes running Exim would be well-advised to update the software following the disclosure of another critical security flaw. The Exim 4.92.3 patch, released on September 28th, includes a fix to close up the CVE-2019-16928 flaw. Discovered by bug-hunters with the QAX A-Team, the vulnerability is caused by a buffer overflow error that occurs when Exim processes an extremely long string in an Extended HELO (EHLO) Extended Simple Mail Transfer Protocol (ESMTP) command message...
Install incoming update to avoid having your boxes hijacked
Buffer overflow in Unix mailer Exim imperils 400,000 email servers
The widely used Exim email server software is due to be patched today to close a critical security flaw that can be exploited to potentially gain root-level access to the machine. The programming blunder can be abused over the network, or internet if the server is public facing, or by logged-in users to completely commandeer vulnerable installations, steal or tamper with data, install spyware, and so on. The vulnerability, designated CVE-2019-15846, has been kept under tight wraps. Details of th...