Arch Linux: 201909-3 Critical: Exim Arbitrary Command Execution
Sep 11, 2019
•
LinuxSecurity Advisories
1 min read
Topics Covered
The package exim before version 4.92.2-1 is vulnerable to arbitrary command execution.
Arch Linux Security Advisory ASA-201909-3 ======================================== Severity: Critical Date : 2019-09-06 CVE-ID : CVE-2019-15846 Package : exim Type : arbitrary command execution Remote : Yes Link : https://security.archlinux.org/AVG-1037 Summary ====== The package exim before version 4.92.2-1 is vulnerable to arbitrary command execution. Resolution ========= Upgrade to 4.92.2-1. # pacman -Syu "exim>=4.92.2-1" The problem has been fixed upstream in version 4.92.2. Workaround ========= None. Description ========== Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash. Impact ===== A remote attacker is able to execute arbitrary commands with root privileges. References ========= https://exim.org/static/doc/security/CVE-2019-15846.txt https://security.archlinux.org/CVE-2019-15846
PREVIOUS
NEXT
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!