Lucene search

Basic search
Lucene search
Search by product

Vendors

Products

Gentoo FoundationGLSA-201906-01

HistoryJun 06, 2019 - 12:00 a.m.

Exim: Remote command execution

2019-06-0600:00:00

Gentoo Foundation

security.gentoo.org

139

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.974 High

EPSS

Percentile

99.9%

JSON

Background

Exim is a message transfer agent (MTA) designed to be a a highly configurable, drop-in replacement for sendmail.

Description

A vulnerability was discovered in how Exim validates recipient addresses in the deliver_message() function.

Impact

A remote attacker could execute arbitrary commands by sending an email with a specially crafted recipient address to the affected system.

Workaround

There is no known workaround at this time.

Resolution

All Exim users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose "&gt;=mail-mta/exim-4.92"

OSVersionArchitecturePackageVersionFilename
Gentooanyallmail-mta/exim< 4.92UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Gentoo	any	all	mail-mta/exim	< 4.92	UNKNOWN

nessus 8

openvas 4

msrc 4

rapid7blog 1

packetstorm 2

zdt 3

freebsd 1

amazon 1

githubexploit 7

osv 2

attackerkb 2

exploitpack 2

ubuntucve 1

debian 2

ubuntu 1

checkpoint_advisories 1

suse 4

myhack58 1

canvas 1

metasploit 1

qualysblog 5

redhatcve 1

threatpost 4

cisa 3

prion 1

alpinelinux 1

debiancve 1

cisa_kev 1

cve 1

exploitdb 3

thn 6

securelist 2

ics 2

nessus

Ubuntu 18.04 LTS : Exim vulnerability (USN-4010-1)

2019-06-07 00:00:00

openSUSE Security Update : exim (openSUSE-2019-1524)

2019-06-12 00:00:00

GLSA-201906-01 : Exim: Remote command execution

2019-06-07 00:00:00

openvas

Ubuntu Update for exim4 USN-4010-1

2019-06-06 00:00:00

Exim 4.87 - 4.91 RCE Vulnerability

2019-06-07 00:00:00

openSUSE: Security Advisory for Security (openSUSE-SU-2019:1524-1)

2019-06-08 00:00:00

msrc

Prevent the impact of a Linux worm by updating Exim (CVE-2019-10149)

2019-06-13 07:00:00

Prevent the impact of a Linux worm by updating Exim (CVE-2019-10149)

2019-06-14 00:27:32

Prevent the impact of a Linux worm by updating Exim (CVE-2019-10149)

2019-06-15 03:48:55

rapid7blog

NICER Protocol Deep Dive: Internet Exposure of SMTP

2020-10-02 13:58:23

packetstorm

Exim 4.91 Local Privilege Escalation

2019-08-23 00:00:00

Exim 4.91 Local Privilege Escalation

2019-06-17 00:00:00

zdt

Exim 4.91 Local Privilege Escalation Exploit

2019-06-17 00:00:00

Exim 4.87 / 4.91 - Local Privilege Escalation Exploit

2019-08-23 00:00:00

Exim 4.87 < 4.91 - (Local / Remote) Command Execution Exploit

2019-06-07 00:00:00

freebsd

Exim -- RCE in deliver_message() function

2019-05-27 00:00:00

amazon

Critical: exim

2019-06-05 17:12:00

githubexploit

Exploit for OS Command Injection in Exim

2019-10-21 08:13:27

Exploit for OS Command Injection in Exim

2019-06-12 03:47:16

Exploit for OS Command Injection in Exim

2019-06-27 01:34:41

osv

CVE-2019-10149

2019-06-05 14:29:11

exim4 - security update

2019-06-05 00:00:00

attackerkb

CVE-2019-10149

2019-06-05 00:00:00

CVE-2019-10149

2020-05-28 00:00:00

exploitpack

Exim 4.87 - 4.91 - Local Privilege Escalation

2019-06-17 00:00:00

Exim 4.87 4.91 - (Local Remote) Command Execution

2019-06-05 00:00:00

ubuntucve

CVE-2019-10149

2019-06-04 00:00:00

debian

[SECURITY] [DSA 4456-1] exim4 security update

2019-06-05 15:35:03

[SECURITY] [DSA 4456-1] exim4 security update

2019-06-05 15:35:03

ubuntu

Exim vulnerability

2019-06-05 00:00:00

checkpoint_advisories

Exim Mail Server Remote Code Execution (CVE-2019-10149)

2019-06-12 00:00:00

suse

Security update exim (important)

2019-06-07 00:00:00

Security update for exim (critical)

2021-05-20 00:00:00

Security update for exim (critical)

2021-05-07 00:00:00

myhack58

CVE-2019-10149: the Exim remote command execution vulnerability and early warning analysis-vulnerability warning-the black bar safety net

2019-06-13 00:00:00

canvas

Immunity Canvas: EXIM_EXPANSION_RCE

2019-06-05 14:29:00

metasploit

Exim 4.87 - 4.91 Local Privilege Escalation

2019-07-04 14:02:03

qualysblog

NSA Announces Sandworm Actors Exploiting Exim MTA Vulnerability (CVE-2019-10149)

2020-05-29 22:42:14

Exim MTA Vulnerability (The Return of the WIZard – CVE-2019-10149)

2019-06-14 22:27:14

Russia-Ukraine Crisis: How to Strengthen Your Security Posture to Protect against Cyber Attack, based on CISA Guidelines

2022-02-26 20:20:32

redhatcve

CVE-2019-10149

2019-06-04 12:51:00

threatpost

Microsoft Pushes Azure Users to Patch Linux Systems

2019-06-17 15:02:52

Millions of Linux Servers Under Worm Attack Via Exim Flaw

2019-06-14 14:04:30

Critical Exim Flaw Opens Servers to Remote Code Execution

2019-09-30 14:12:35

cisa

Exim Releases Security Patches

2019-06-13 00:00:00

NSA Releases Advisory on Sandworm Actors Exploiting an Exim Vulnerability

2020-05-28 00:00:00

CISA Adds 15 Known Exploited Vulnerabilities to Catalog

2022-01-10 00:00:00

prion

Input validation

2019-06-05 14:29:00

alpinelinux

CVE-2019-10149

2019-06-05 14:29:00

debiancve

CVE-2019-10149

2019-06-05 14:29:00

cisa_kev

Exim Mail Transfer Agent (MTA) Improper Input Validation

2022-01-10 00:00:00

cve

CVE-2019-10149

2019-06-05 14:29:00

exploitdb

Exim 4.87 - 4.91 - Local Privilege Escalation

2019-06-17 00:00:00

Exim 4.87 / 4.91 - Local Privilege Escalation (Metasploit)

2019-08-26 00:00:00

Exim 4.87 < 4.91 - (Local / Remote) Command Execution

2019-06-05 00:00:00

thn

Exim TLS Flaw Opens Email Servers to Remote 'Root' Code Execution Attacks

2019-09-06 12:48:00

New Critical Exim Flaw Exposes Email Servers to Remote Attacks — Patch Released

2019-09-30 12:14:00

Linux Botnet Adding BlueKeep-Flawed Windows RDP Servers to Its Target List

2019-07-25 09:38:00

securelist

APT trends report Q2 2020

2020-07-29 10:00:09

IT threat evolution Q2 2019. Statistics

2019-08-19 10:00:00

ics

Russian State-Sponsored Advanced Persistent Threat Actor Compromises U.S. Government Targets

2020-12-01 12:00:00

Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure

2022-03-01 12:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.974 High

EPSS

Percentile

99.9%

JSON

Related for GLSA-201906-01