exim: ${sort} in configuration leads to privilege escalation (CVE-2019-13917)
A flaw was found in exim: if the server configuration uses the ${sort } expansion on input that a remote attacker controls (e.g. $local_part, $domain), the attacker is able to execute programs with root privileges.
Note: The default configuration, as shipped by exim upstream, does not contain ${sort }.
exim versions from 4.85 up to and including 4.92 are affected.
Fixed In Version:
exim 4.92.1
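As an added audit example (not part of the advisory and not exim's own code), the following Python check tests the two conditions stated above: an exim version inside the affected range, and ${sort} expansions in the configuration that reference remotely supplied variables such as $local_part or $domain. The version line and the sample configuration are constructed; the sort syntax is assumed to follow exim's ${sort{<list>}{<comparator>}{<extract>}} form, and backslash continuation lines are joined the way exim reads them.

```python
import re
AFFECTED_FROM, FIXED_IN = (4, 85, 0), (4, 92, 1)   # advisory: 4.85..4.92 affected, fixed in 4.92.1
TAINTED_VARS = ("local_part", "domain")            # variables the advisory names as remote input
def parse_version(text):
    """'4.92', '4.92.1' or the first line of `exim -bV` output -> comparable tuple."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError("no exim version found in %r" % text)
    return tuple(int(p or 0) for p in m.groups())

def version_affected(text):
    return AFFECTED_FROM <= parse_version(text) < FIXED_IN
def _logical_lines(config):
    """Yield (first_line_no, text), joining exim's trailing-backslash continuation lines."""
    start, buf = 1, ""
    for no, raw in enumerate(config.splitlines(), 1):
        line = raw.strip() if buf else raw.rstrip()   # exim drops leading space on continuations
        if line.endswith("\\"):
            buf += line[:-1]
            continue
        yield start, buf + line
        start, buf = no + 1, ""

def _balanced(text, open_at):
    """Text from the '{' at open_at through its matching '}', honouring nesting."""
    depth = 0
    for i in range(open_at, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[open_at:i + 1]
    return text[open_at:]   # unbalanced braces: still report what is there

def find_sort_expansions(config):
    """[(line_no, expansion, tainted_vars)] for every ${sort ...} outside comments."""
    hits = []
    for no, text in _logical_lines(config):
        if text.lstrip().startswith("#"):
            continue
        for m in re.finditer(r"\$\{sort\b", text):
            expansion = "$" + _balanced(text, m.start() + 1)
            tainted = [v for v in TAINTED_VARS if re.search(r"\$\{?%s\b" % v, expansion)]
            hits.append((no, expansion, tainted))
    return hits

SAMPLE_CONFIG = """\
# constructed sample, not a real exim configuration; ${sort} in a comment is ignored
  warn  set acl_m_sorted = ${sort{\\
          $domain:$local_part}{lt}{$item}}
  warn  set acl_m_fixed  = ${sort{c:a:b}{lt}{$item}}
"""
```

On a real host, pass the first line of `exim -bV` to version_affected() and the contents of the configuration file to find_sort_expansions(); a hit whose tainted list is non-empty on an affected version is the condition the advisory describes.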
References:
- https://www.exim.org/static/doc/security/CVE-2019-13917.txt
- https://www.openwall.com/lists/oss-security/2019/07/26/5
Affected branches:
- master
- 3.10-stable