Bug 1715237 (CVE-2019-10149) - CVE-2019-10149 exim: Remote command execution in deliver_message() function in /src/deliver.c
Summary: CVE-2019-10149 exim: Remote command execution in deliver_message() function i...
Alias: CVE-2019-10149
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On: 1716935
Blocks: 1715238
TreeView+ depends on / blocked
Reported: 2019-05-29 21:16 UTC by Pedro Sampaio
Modified: 2020-03-06 14:26 UTC (History)
13 users (show)

Fixed In Version: exim 4.92
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in Exim, where improper validation of the recipient address in the deliver_message() function in /src/deliver.c occurred. An attacker could use this flaw to achieve remote command execution.
Clone Of:
Last Closed: 2019-05-30 03:56:19 UTC

Attachments (Terms of Use)

Description Pedro Sampaio 2019-05-29 21:16:06 UTC
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.



Comment 1 Pedro Sampaio 2019-05-30 00:12:51 UTC

Name: Qualys Research Labs

Comment 2 Huzaifa S. Sidhpurwala 2019-05-30 03:56:19 UTC
As per the reporter:

"Exim is vulnerable by default since version 4.87 (released on April 6,2016), when #ifdef EXPERIMENTAL_EVENT became #ifndef DISABLE_EVENT; and
older versions may also be vulnerable if EXPERIMENTAL_EVENT was enabled manually. Surprisingly, this vulnerability was fixed in version 4.92
(released on February 10, 2019)"

Therefore lower versions of exim (Red Hat Enterprise Linux ships exim-4.63) are not affected by this flaw.

Comment 4 Huzaifa S. Sidhpurwala 2019-05-30 04:03:48 UTC

Exim is vulnerable since version 4.87, therefore the version of exim package (exim-4.63) shipped with Red Hat Enterprise Linux 5 is not affected by this flaw.

Comment 5 Dhananjay Arunesh 2019-06-04 12:26:33 UTC
Created exim tracking bugs for this issue:

Affects: epel-all [bug 1716935]

Comment 12 Huzaifa S. Sidhpurwala 2019-06-06 10:50:41 UTC
External References:


Comment 14 Tomas Hoger 2019-06-10 10:06:39 UTC
The above fix was included in mainline / 4.92 via the following commit from Sep 2018:


Note You need to log in before you can comment on or make changes to this bug.