CVE ID: CVE-2019-13917
OVE ID: OVE-20190718-0006
Date: 2019-07-18
Credits: Jeremy Harris
Version(s): 4.85 up to and including 4.92
Issue: A local or remote attacker can execute programs with root
privileges - if you've an unusual configuration. See below.

Conditions to be vulnerable
===========================

You are vulnerable if your configuration uses the ${sort } expansion for
items that can be controlled by an attacker (e.g. $local_part, $domain).
The default config, as shipped by the Exim developers, does not contain
${sort }.

Details
=======

The vulnerability is exploitable either remotely or locally and could
be used to execute other programs with root privilege. The ${sort }
expansion re-evaluates its items.

Mitigation
==========

Do not use ${sort } in your configuration.
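The advisory gives two things to check: whether the running version is in the affected range (4.85 up to and including 4.92, with 4.92.1 being the fixed release) and whether the configuration uses ${sort } at all. The following is an added example, not part of the Exim advisory and not Exim project code: a POSIX sh script that parses a version string against that range and scans a configuration file for non-comment uses of ${sort }. The sample configuration it writes is constructed for the demonstration, and the hostname and list names in it are placeholders.

```shell
#!/bin/sh
# Added example for the Exim ${sort } advisory (CVE-2019-13917); not Exim's own code.
# The sample config written below is constructed; hostname and list names are placeholders.

# exim_version_affected VERSION
# Returns 0 when VERSION lies in the advisory's affected range 4.85 .. 4.92.
# 4.92.1 (the fixed release) and later 4.92.x patch levels are treated as outside it.
exim_version_affected() {
    v=$1
    major=${v%%.*}
    rest=${v#"$major".}
    case $rest in
        *.*) minor=${rest%%.*}; patch=${rest#*.} ;;
        *)   minor=$rest;       patch=0 ;;
    esac
    # keep only the leading digits of each component (e.g. "92-RC1" -> "92")
    minor=${minor%%[!0-9]*}
    patch=${patch%%[!0-9]*}
    case $major in ''|*[!0-9]*) return 1 ;; esac
    case $minor in ''|*[!0-9]*) return 1 ;; esac
    [ "$major" -eq 4 ] || return 1
    [ "$minor" -ge 85 ] || return 1
    [ "$minor" -le 92 ] || return 1
    if [ "$minor" -eq 92 ] && [ "${patch:-0}" -gt 0 ]; then
        return 1
    fi
    return 0
}

# exim_config_uses_sort FILE
# Prints every non-comment line of FILE containing "${sort" with its line number
# and returns 0 if any was found, 1 otherwise. Lines whose first non-blank
# character is '#' are Exim comments and are skipped.
exim_config_uses_sort() {
    grep -nF '${sort' "$1" | grep -v '^[0-9]*:[[:space:]]*#'
}

# write_sample_config FILE
# Writes a constructed configuration fragment that uses ${sort } on $domain,
# i.e. the pattern the advisory warns about, plus a commented-out mention
# that the scanner must ignore.
write_sample_config() {
    cat > "$1" <<'EOF'
# constructed sample Exim configuration fragment (placeholder values)
primary_hostname = mail.example.invalid
domainlist local_domains = @ : ${sort {$domain}{<}{$item}}
# a ${sort } that only appears in a comment is not evaluated
EOF
}

main() {
    tmp=$(mktemp)
    write_sample_config "$tmp"
    if exim_config_uses_sort "$tmp"; then
        echo "config uses \${sort }: review the expansions listed above"
    else
        echo "no \${sort } expansion found in config"
    fi
    rm -f "$tmp"
    for v in 4.84 4.85 4.92 4.92.1; do
        if exim_version_affected "$v"; then
            echo "$v: inside affected range"
        else
            echo "$v: outside affected range"
        fi
    done
}

main "$@"
```

To run the configuration check against a real installation, pass the path of your own Exim configuration (for example the file reported by `exim -bP configure_file`) to `exim_config_uses_sort` instead of the constructed sample; a hit means the expansion should be removed or the fixed version installed, as the advisory says. The version parser is deliberately simple and only understands dotted numeric versions of the form the advisory uses.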

Fix
===

Download and build a fixed version:

Tarballs: http://ftp.exim.org/pub/exim/exim4/
Git: https://github.com/Exim/exim.git
- tag exim-4.92.1
- branch exim-4.92+fixes

The tagged commit is the officially released version. The +fixes branch
isn't officially maintained, but contains useful patches *and* the
security fix.

If you can't install the above versions, ask your package maintainer for
a version containing the backported fix. On request and depending on our
resources we will support you in backporting the fix. (Please note that
the Exim project officially doesn't support versions prior to the current
stable version.)