FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Exim -- RCE in deliver_message() function

Affected packages
4.87 <= exim < 4.92

Details

VuXML ID: 45bea6b5-8855-11e9-8d41-97657151f8c2
Discovery: 2019-05-27
Entry: 2019-06-06

Exim team and Qualys report:

We received a report of a possible remote exploit. Currently there is no evidence of an active use of this exploit.

A patch exists already, is being tested, and backported to all versions we released since (and including) 4.87.

The severity depends on your configuration. It depends on how close to the standard configuration your Exim runtime configuration is. The closer the better.

Exim 4.92 is not vulnerable.

References

CVE Name: CVE-2019-10149
URL: https://www.exim.org/static/doc/security/CVE-2019-10149.txt