A vulnerability in Exim could allow a remote attacker to execute arbitrary commands.
Package | mail-mta/exim on all architectures |
---|---|
Affected versions | < 4.92 |
Unaffected versions | >= 4.92 |
Exim is a message transfer agent (MTA) designed to be a a highly configurable, drop-in replacement for sendmail.
A vulnerability was discovered in how Exim validates recipient addresses in the deliver_message() function.
A remote attacker could execute arbitrary commands by sending an email with a specially crafted recipient address to the affected system.
There is no known workaround at this time.
All Exim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=mail-mta/exim-4.92"
Release date
June 06, 2019
Latest revision
June 06, 2019: 1
Severity
high
Exploitable
remote
Bugzilla entries