
Vulnerability in Exim mail server

Reference: Advisory #2019-015
Version: 1.0
Affected software: Exim versions 4.87 to 4.91
Type: Local privilege escalation, potential remote command execution (root)
CVE/CVSS: CVE-2019-10149, 7.5

Sources

https://www.qualys.com/2019/06/05/cve-2019-10149/return-wizard-rce-exim-abridged.txt

https://nvd.nist.gov/vuln/detail/CVE-2019-10149

Risks

During a code review of the latest changes in the Exim mail server, Qualys discovered an RCE vulnerability in versions 4.87 to 4.91 (inclusive).

In this particular case, RCE means Remote *Command* Execution, not Remote Code Execution; an attacker can execute arbitrary commands with execv() as root.

Description

This vulnerability in the Exim mail server allows an attacker to execute commands as root. The severity varies depending on the configuration of the Exim mail server.

A local attacker can exploit this vulnerability instantly. It can also be exploited remotely with non-default configurations. To exploit it remotely in the default configuration, an attacker must keep a connection to the server open for 7 days. However, Exim's code is quite complex and there may be alternative ways to exploit this.

Recommended Actions

CERT.be recommends that system administrators follow this up and act accordingly if they are running an affected version of Exim. The vulnerability has been patched in Exim 4.92. We recommend installing the latest version of this software if you are still running an older version.
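As an added example (not part of the CERT.be advisory or of the Exim project), the following POSIX sh helper decides whether an Exim version string falls in the affected range 4.87 to 4.91 (inclusive) and applies that check to the first line of `exim -bV` on the local host. The file name `exim_check.sh`, the function names and the sample `exim -bV` line used in the comments are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the CERT.be advisory or the Exim project: classify an
# Exim version string against the affected range 4.87 .. 4.91 (inclusive) from
# CVE-2019-10149, and apply it to the locally installed exim binary, if any.

# Return 0 if the version string (e.g. "4.91") lies in the affected range,
# 1 if it lies outside it, 2 if the string cannot be parsed at all.
exim_affected() {
    ver="$1"
    # Keep only the leading major and minor numbers:
    # "4.91.1" -> 4 / 91, "4.92-RC4" -> 4 / 92, "garbage" -> empty.
    major=$(printf '%s\n' "$ver" | sed -n 's/^\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1/p')
    minor=$(printf '%s\n' "$ver" | sed -n 's/^\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\2/p')
    [ -n "$major" ] && [ -n "$minor" ] || return 2
    [ "$major" -eq 4 ] && [ "$minor" -ge 87 ] && [ "$minor" -le 91 ]
}

# Extract the version from the first line of `exim -bV`, which looks like
# "Exim version 4.91 #1 built 01-Jan-2019 ..." (sample line constructed for
# this example). Prints nothing when the line does not match that shape.
exim_version_from_bv() {
    printf '%s\n' "$1" | sed -n 's/^Exim version \([0-9][0-9.]*\).*/\1/p'
}

# Check the exim binary on this host. Exit codes mirror exim_affected,
# with 3 meaning "no exim binary found on PATH".
check_local_exim() {
    command -v exim >/dev/null 2>&1 || { echo "exim: not installed"; return 3; }
    first=$(exim -bV 2>/dev/null | head -n 1)
    ver=$(exim_version_from_bv "$first")
    rc=0
    exim_affected "$ver" || rc=$?
    case $rc in
        0) echo "exim $ver: AFFECTED by CVE-2019-10149, upgrade to 4.92 or later" ;;
        1) echo "exim $ver: not in the affected range 4.87-4.91" ;;
        *) echo "exim: could not parse a version from: $first" ;;
    esac
    return $rc
}

# Run the host check only when this file is executed directly under the
# assumed name exim_check.sh (sh exim_check.sh); sourcing it elsewhere just
# defines the functions. The script's exit code is the classification above.
case "$0" in
    *exim_check.sh) check_local_exim ;;
esac
```

The version parsing deliberately ignores anything after the minor number, so a distribution build such as 4.91.1 is still reported as affected; whether a vendor has backported the 4.92 fix into such a build has to be confirmed from the package changelog rather than from the version string alone.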

References

https://github.com/Exim/exim/releases