CVE-2019-19920

2019-12-22T18:15:00
ID CVE-2019-19920
Type cve
Reporter cve@mitre.org
Modified 2020-01-09T19:15:00

Description

sa-exim 4.2.1 allows attackers to execute arbitrary code if they can write a .cf file or a rule. This occurs because Greylisting.pm relies on eval (rather than direct parsing and/or use of the taint feature). This issue is similar to CVE-2018-11805.