Bug 1715237 (CVE-2019-10149)
Summary: | CVE-2019-10149 exim: Remote command execution in deliver_message() function in /src/deliver.c | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Pedro Sampaio <psampaio> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED NOTABUG | QA Contact: | |
Severity: | urgent | Docs Contact: | |
Priority: | urgent | ||
Version: | unspecified | CC: | agk, bennie.joubert, darunesh, dwmw2, fleite, huzaifas, jeharris, jskarvad, mpoole, omarandemad, pbergene, security-response-team, tremble |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | exim 4.92 | Doc Type: | If docs needed, set a value |
Doc Text: |
A flaw was found in Exim, where improper validation of the recipient address in the deliver_message() function in /src/deliver.c occurred. An attacker could use this flaw to achieve remote command execution.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2019-05-30 03:56:19 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1716935 | ||
Bug Blocks: | 1715238 |
Description
Pedro Sampaio
2019-05-29 21:16:06 UTC
Acknowledgments: Name: Qualys Research Labs As per the reporter: "Exim is vulnerable by default since version 4.87 (released on April 6,2016), when #ifdef EXPERIMENTAL_EVENT became #ifndef DISABLE_EVENT; and older versions may also be vulnerable if EXPERIMENTAL_EVENT was enabled manually. Surprisingly, this vulnerability was fixed in version 4.92 (released on February 10, 2019)" Therefore lower versions of exim (Red Hat Enterprise Linux ships exim-4.63) are not affected by this flaw. Statement: Exim is vulnerable since version 4.87, therefore the version of exim package (exim-4.63) shipped with Red Hat Enterprise Linux 5 is not affected by this flaw. Created exim tracking bugs for this issue: Affects: epel-all [bug 1716935] External References: https://www.exim.org/static/doc/security/CVE-2019-10149.txt The above fix was included in mainline / 4.92 via the following commit from Sep 2018: https://git.exim.org/exim.git/commitdiff/7ea1237c783e380d7bdb86c90b13d8203c7ecf26 |