CyberSec.Space Logo
返回 CVE 浏览器

CVE-2019-10149

Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
EPSS Score58.8730%
EPSS Percentile94.51th
Published2019年6月5日
Last Modified2025年11月6日

Vulnerability Description

A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.

Affected Platforms (CPE)

📦
Exim

Exim

>= 4.87 and <= 4.91
💻
Canonical

Ubuntu Linux

= 18.04
💻
Canonical

Ubuntu Linux

= 18.10
💻
Debian

Debian Linux

= 9.0

References & Advisories

🔗 http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00020.html
🔗 http://packetstormsecurity.com/files/153218/Exim-4.9.1-Remote-Command-Execution.html
🔗 http://packetstormsecurity.com/files/153312/Exim-4.91-Local-Privilege-Escalation.html
🔗 http://packetstormsecurity.com/files/154198/Exim-4.91-Local-Privilege-Escalation.html
🔗 http://seclists.org/fulldisclosure/2019/Jun/16
🔗 http://www.openwall.com/lists/oss-security/2019/06/05/2
🔗 http://www.openwall.com/lists/oss-security/2019/06/05/3
🔗 http://www.openwall.com/lists/oss-security/2019/06/05/4

相关漏洞威胁

CVE-2019-139179.8

Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution as root in some unusual configurations that use the ${sort }...

CVE-2019-158469.8

Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash.

CVE-2019-169289.8

Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer...

CVE-2020-260989.8

cPanel before 88.0.3 mishandles the Exim filter path, leading to remote code execution (SEC-485).