CVE-2019-10149

Name of the Vulnerable Software and Affected Versions Exim versions 4.87 through 4.91

Description The issue is related to improper validation of recipient addresses in the deliver message() function, located in /src/deliver.c, which may lead to remote command execution. This flaw can be exploited by an attacker to execute arbitrary code on the server with root privileges. The vulnerability has been reportedly exploited by the Sandworm Team, a group of Russian hackers, to compromise mail servers worldwide. It is estimated that millions of Exim mail servers are vulnerable to this issue.

Recommendations For Exim versions 4.87 through 4.91, update to a version that includes the fix for this issue. As a temporary workaround, consider disabling the deliver message() function until a patch is available. Restrict access to the /src/deliver.c module to minimize the risk of exploitation. Avoid using the vulnerable deliver message() function in the affected Exim versions until the issue is resolved.