Security News > 2019 > June > Critical Exim flaw exploitable locally and remotely, patch ASAP!

Critical Exim flaw exploitable locally and remotely, patch ASAP!
2019-06-07 08:56

A critical vulnerability in Exim, the mail transfer agent (MTA) deployed on over half of all Internet-facing mail servers, may allow attackers to run commands as the “root” user. About CVE-2019-10149 CVE-2019-10149 was discovered by Qualys researchers. It is a remote command execution vulnerability that is exploitable instantly by a local attacker and by a remote attacker in certain non-default configurations. “The vulnerability is critical: it allows a local user to easily run commands as … More → The post Critical Exim flaw exploitable locally and remotely, patch ASAP! appeared first on Help Net Security.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/evifUrVI1AM/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2019-06-05 CVE-2019-10149 OS Command Injection vulnerability in multiple products
A flaw was found in Exim versions 4.87 to 4.91 (inclusive).
network
low complexity
exim debian canonical CWE-78
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Exim 1 2 14 21 11 48