Under certain configurations, Exim may execute commands embedded in a mail message's From address.
Exim is an open-source mail transfer agent (MTA) distributed by the University of Cambridge. Exim can be configured to route all incoming mail, or mail to particular addresses, through a pipe transport, for example to hand each message to a virus scanner. When the local part of the address is substituted into that pipe command without first being checked for shell metacharacters such as "|" (vertical bar), an attacker can craft a message whose address causes Exim to execute arbitrary commands. The description in this note refers to the local part of the "To:" address.
Remote attackers can run arbitrary commands with the privileges of the Exim process.
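The following is an added illustration, not code from Exim or from this note, of the failure mode described above and of the two checks a pipe transport needs. It is a Python model of a pipe transport: `vulnerable_scan` interpolates an unchecked local part into a single command string and hands it to /bin/sh, `no_shell_scan` passes the local part as one argv element so the shell never parses it, and `hardened_scan` additionally rejects local parts containing shell metacharacters. The sample local parts and the metacharacter list are constructed for this example (the list is deliberately conservative and is not Exim's own check), and `echo` stands in for the virus scanner so the block runs offline.

```python
"""Model of shell-metacharacter injection through an address local part
handed to a pipe transport (illustrative; not Exim's implementation)."""
import subprocess

# Conservative set of characters a POSIX shell treats specially (assumption for
# this example; a real deployment would also constrain the allowed alphabet).
SHELL_METACHARS = frozenset('|;&$`<>()\\"\'\n\r*?[]{}!#~ \t')


def local_part_is_safe(local_part: str) -> bool:
    """True only if the local part is non-empty and free of shell metacharacters."""
    return bool(local_part) and not (set(local_part) & SHELL_METACHARS)


def vulnerable_scan(local_part: str) -> str:
    """Vulnerable pattern: build the scanner command as one string and let
    /bin/sh interpret it. A '|' or ';' in the local part becomes a second command.
    'echo' stands in for the scanner binary."""
    cmd = f"echo scanning {local_part}"
    proc = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return proc.stdout


def no_shell_scan(local_part: str) -> str:
    """First mitigation: no shell at all. The local part travels as a single
    argv element, so metacharacters reach the scanner as literal text."""
    argv = ["echo", "scanning", local_part]
    proc = subprocess.run(argv, capture_output=True, text=True)
    return proc.stdout


def hardened_scan(local_part: str) -> str:
    """Defence in depth: reject suspicious local parts up front, then still
    avoid the shell. Raises ValueError for a local part that fails the check."""
    if not local_part_is_safe(local_part):
        raise ValueError(f"local part rejected: {local_part!r}")
    return no_shell_scan(local_part)


if __name__ == "__main__":
    # Constructed attacker-controlled local part: the text after ';' runs as a
    # separate command when the string is shell-interpreted.
    injected = "victim; echo INJECTED"
    print(repr(vulnerable_scan(injected)))   # second line 'INJECTED' appears
    print(repr(no_shell_scan(injected)))     # metacharacters are inert
    try:
        hardened_scan(injected)
    except ValueError as exc:
        print("rejected:", exc)
    print(repr(hardened_scan("victim")))
```

The point of the two hardened variants is that avoiding the shell and validating the local part are independent controls: the argv form neutralises injection even for an address that slipped past validation, and validation keeps hostile addresses away from any downstream program that might itself invoke a shell.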
Upgrade to Exim 3.36 or Exim 4.10, available from:
Thanks to Patrice Fournier for reporting this vulnerability.
Date First Published: 2002-09-24
Date Last Updated: 2002-09-24 16:13 UTC