Overview
Under certain configurations, Exim may execute commands embedded in a mail message's From address.
Description
Exim is an open-source mail transport agent distributed by the University of Cambridge. Exim can be configured to route all incoming mail or mail to particular addresses through a pipe transport, such as a virus scanner. If Exim does this without first checking the local part of the "To:" address for characters such as "|" (vertical bar), then an attacker can craft a message that would cause Exim to execute arbitrary commands. |
Impact
Remote attackers can run arbitrary commands with privileges of the Exim process. |
Solution
Upgrade Upgrade to Exim 3.36 or Exim 4.10, available from: |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
Thanks to Patrice Fournier for reporting this vulnerability.
This document was written by Shawn Van Ittersum.
Other Information
| CVE IDs: | CVE-2001-0889 |
| Severity Metric: | 5.99 |
| Date Public: | 2001-12-19 |
| Date First Published: | 2002-09-24 |
| Date Last Updated: | 2002-09-24 16:13 UTC |
| Document Revision: | 8 |