diff options
Diffstat (limited to 'doc/cve-2019-13917')
-rw-r--r-- | doc/cve-2019-13917 | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/doc/cve-2019-13917 b/doc/cve-2019-13917 new file mode 100644 index 0000000..fd94da8 --- /dev/null +++ b/doc/cve-2019-13917 @@ -0,0 +1,46 @@ +CVE ID: CVE-2019-13917 +OVE ID: OVE-20190718-0006 +Date: 2019-07-18 +Credits: Jeremy Harris +Version(s): 4.85 up to and including 4.92 +Issue: A local or remote attacker can execute programs with root + privileges - if you've an unusual configuration. See below. + +Conditions to be vulnerable +=========================== + +If your configuration uses the ${sort } expansion for items that can be +controlled by an attacker (e.g. $local_part, $domain). The default +config, as shipped by the Exim developers, does not contain ${sort }. + +Details +======= + +The vulnerability is exploitable either remotely or locally and could +be used to execute other programs with root privilege. The ${sort } +expansion re-evaluates its items. + +Mitigation +========== + +Do not use ${sort } in your configuration. + +Fix +=== + +Download and build a fixed version: + + Tarballs: http://ftp.exim.org/pub/exim/exim4/ + Git: https://github.com/Exim/exim.git + - tag exim-4.92.1 + - branch exim-4.92+fixes + +The tagged commit is the officially released version. The +fixes branch +isn't officially maintained, but contains useful patches *and* the +security fix. + +If you can't install the above versions, ask your package maintainer for +a version containing the backported fix. On request and depending on our +resources we will support you in backporting the fix. (Please note, +that Exim project officially doesn't support versions prior the current +stable version.) |