CyberSec.Space Logo
返回 CVE 浏览器

CVE-2019-13917

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1920%
EPSS Percentile7.50th
Published2019年7月25日
Last Modified2024年11月21日

Vulnerability Description

Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution as root in some unusual configurations that use the ${sort } expansion for items that can be controlled by an attacker (e.g., $local_part or $domain).

Affected Platforms (CPE)

📦
Exim

Exim

>= 4.85 and <= 4.92
💻
Debian

Debian Linux

= 9.0
💻
Debian

Debian Linux

= 10.0

References & Advisories

🔗 http://exim.org/static/doc/security/CVE-2019-13917.txt
🔗 http://www.openwall.com/lists/oss-security/2019/07/26/5
🔗 https://seclists.org/bugtraq/2019/Jul/51
🔗 https://security.gentoo.org/glsa/201909-06
🔗 https://www.debian.org/security/2019/dsa-4488
🔗 http://exim.org/static/doc/security/CVE-2019-13917.txt
🔗 http://www.openwall.com/lists/oss-security/2019/07/26/5
🔗 https://seclists.org/bugtraq/2019/Jul/51

相关漏洞威胁

CVE-2019-101499.8

A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function...

CVE-2019-158469.8

Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash.

CVE-2019-169289.8

Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer...

CVE-2020-260989.8

cPanel before 88.0.3 mishandles the Exim filter path, leading to remote code execution (SEC-485).