sa-exim 4.2.1 allows malicious users to execute arbitrary code if they can write a .cf file or a rule. This occurs because Greylisting.pm relies on eval (rather than direct parsing and/or use of the taint feature). This issue is similar to CVE-2018-11805.
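
The direct-parsing alternative to eval that the description refers to, as an added Perl example (not code from sa-exim or Greylisting.pm). The option syntax, the key names and the sample strings are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Unsafe pattern the advisory describes: option text taken from a rule or
# .cf file is handed to string eval, so any Perl it contains is executed.
#   my $opts = eval $optstring;    # never do this with rule-supplied text

# Direct parsing instead: accept only `key => literal` pairs, with an
# allow-list of keys (hypothetical names) and a strict grammar for values.
my %ALLOWED = map { $_ => 1 } qw(dir method greylistsecs);

sub parse_options {
    my ($text) = @_;
    $text =~ s/^\s*\(\s*//;      # optional surrounding parentheses
    $text =~ s/\s*\)\s*$//;
    my %opts;
    for my $pair (split /\s*;\s*/, $text) {
        next if $pair eq '';
        # key => "string without quotes or backslashes"  or  key => integer
        my ($key, $str, $num) =
            $pair =~ /\A\s*(\w+)\s*=>\s*(?:"([^"\\]*)"|(\d+))\s*\z/
            or die "rejected option syntax: $pair\n";
        die "unknown option: $key\n" unless $ALLOWED{$key};
        $opts{$key} = defined $str ? $str : $num;
    }
    return \%opts;
}

# Constructed sample inputs (not taken from sa-exim). The second one carries
# an expression where a literal is required, so it is refused, not computed.
for my $in ('( dir => "/var/spool/greylist"; method => "dir"; greylistsecs => 1800 )',
            '( dir => "/var/spool/greylist"; greylistsecs => 60*30 )') {
    # Block eval only traps die; unlike string eval it compiles no input text.
    my $opts = eval { parse_options($in) };
    print $opts ? join(', ', map { "$_=$opts->{$_}" } sort keys %$opts) . "\n"
                : "error: $@";
}
```
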
Vulnerable Product |
---|
sa-exim project sa-exim 4.2.1 |
debian debian linux 8.0 |
debian debian linux 9.0 |
debian debian linux 10.0 |
canonical ubuntu linux 16.04 |