CVE-2006-1251

Name of the Vulnerable Software and Affected Versions sa-exim version 4.2

Description The issue allows remote attackers to delete arbitrary files by sending an email with a To field containing a filename separated by whitespace. This filename is not properly quoted when provided as an argument to the rm command by greylistclean.cron, leading to argument injection.

Recommendations For sa-exim version 4.2, consider modifying the greylistclean.cron script to properly quote filenames before passing them to the rm command as a temporary workaround. Restrict access to the greylistclean.cron script to minimize the risk of exploitation.