2 matches found
Exim < 4.92.1 Input-Validation RCE
According to its banner, the version of Exim running on the remote host is prior to 4.92.1. It is, therefore, potentially affected an input-validation flaw in the '$sort ' expansion. A remote attacker could potentially execute arbitrary code. Note that the default configuration does not include...
FreeBSD : Exim -- RCE in ${sort} expansion (3e0da406-aece-11e9-8d41-97657151f8c2)
Exim team report : A local or remote attacker can execute programs with root privileges - if you've an unusual configuration. If your configuration uses the $sort expansion for items that can be controlled by an attacker e.g. $localpart, $domain. The default config, as shipped by the Exim...