Exim does not adequately validate user input thereby allow execution of arbitrary commands

Overview

Under certain configurations, Exim may execute commands embedded in a mail message’s From address.

Description

Exim is an open-source mail transport agent distributed by the University of Cambridge. Exim can be configured to route all incoming mail or mail to particular addresses through a pipe transport, such as a virus scanner. If Exim does this without first checking the local part of the “To:” address for characters such as “|” (vertical bar), then an attacker can craft a message that would cause Exim to execute arbitrary commands.

---

Impact

Remote attackers can run arbitrary commands with privileges of the Exim process.

---

Solution

Upgrade

Upgrade to Exim 3.36 or Exim 4.10, available from:

<http://www.exim.org>

---

Vendor Information

283723

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

University of Cambridge Affected

Updated: September 20, 2002

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23283723 Feedback>).

CVSS Metrics

Group	Score	Vector
Base
Temporal
Environmental

References

• <http://www.exim.org/mailman/listinfo/exim-users&gt;
• <http://www.securityfocus.com/bid/3728&gt;

Acknowledgements

Thanks to Patrice Fournier for reporting this vulnerability.

This document was written by Shawn Van Ittersum.

Other Information

CVE IDs:	CVE-2001-0889
Severity Metric:	5.99 Date Public: