PT-2019-16009 · Exim+1 · Sa-Exim+1

Henrik Krohns

·

Publicado

2019-12-22

·

Atualizado

2022-12-14

·

CVE-2019-19920

CVSS v2.0

9.0

Alta

VetorAV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions sa-exim version 4.2.1
Description The issue allows attackers to execute arbitrary code if they can write a .cf file or a rule. This occurs because Greylisting.pm relies on eval rather than direct parsing and/or use of the taint feature.
Recommendations For sa-exim version 4.2.1, consider disabling the use of eval in Greylisting.pm or restrict access to writing .cf files and rules until a patch is available.

Correção

OS Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-78

Identificadores relacionados

CVE-2019-19920
DLA-2062-1
USN-4520-1

Produtos afetados

Ubuntu
Sa-Exim