Allele Security Alert
ASA-2019-00466
Identifier(s)
ASA-2019-00466, CVE-2019-13917, OVE-20190718-0006
Title
Remote code execution with root privileges in unusual configuration
Vendor(s)
The Exim Project
Product(s)
Exim
Affected version(s)
Exim versions 4.85 up to and including 4.92
Fixed version(s)
Exim version 4.92.1
Proof of concept
Unknown
Description
A local or remote attacker can execute programs with root privileges if Exim is running an unusual configuration.
The configuration is vulnerable if it uses the ${sort } expansion on items that an attacker can control (for example $local_part or $domain). The default configuration shipped by the Exim developers does not contain ${sort }.
The vulnerability is exploitable either remotely or locally and can be used to execute other programs with root privilege. The cause is that the ${sort } expansion re-evaluates (re-expands) its items, so expansion syntax embedded in attacker-controlled data is expanded a second time, and Exim evaluates that expansion with root privileges.
Technical details
Unknown
Workaround
Do not use ${sort } in your configuration until Exim has been upgraded to version 4.92.1 or later.
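As an added illustration of the vulnerable configuration pattern described above and of the workaround (this is not part of the original advisory and not code from the Exim project), the following POSIX shell script embeds a constructed configuration fragment showing a router that feeds $local_part into ${sort } beside an equivalent router that does not use ${sort }, and provides two audit helpers: one that lists every line of a configuration file using ${sort }, and one that reports whether an Exim version string lies in the affected range 4.85 through 4.92. The router names, the alias file path, the temporary-file handling and the parsing of "exim -bV" output in the usage comment are assumptions made for this example; the script also assumes a sort(1) that understands -V (GNU coreutils or BSD).

```shell
#!/bin/sh
# Added example, not code from the Exim project or from the advisory.
# Audit helpers for CVE-2019-13917. Assumes a POSIX sh and a sort(1) that
# understands -V (GNU coreutils or BSD sort).

# Constructed configuration fragment (router names and paths are made up).
# "sorted_lookup" feeds the attacker-controlled $local_part into ${sort },
# the pattern the advisory warns about, because ${sort } re-expands each item.
# "plain_lookup" reads the same value without ${sort } and is not affected.
SAMPLE_CONFIG='
begin routers

sorted_lookup:
  driver = redirect
  data = ${sort{$local_part}{lt}{$item}}

plain_lookup:
  driver = redirect
  data = ${lookup{$local_part}lsearch{/etc/exim/aliases}}
'

# List (with line numbers) every line of an Exim configuration file that
# uses the ${sort } expansion. Prints nothing when there is no use.
# Usage: find_sort_expansions /etc/exim/exim.conf
find_sort_expansions() {
    grep -n '\${sort' "$1" || true
}

# Return 0 (true) when an Exim version string lies in the affected range
# 4.85 .. 4.92 inclusive, 1 otherwise (4.92.1 and later carry the fix).
# sort -V orders 4.85 < 4.90.1 < 4.92 < 4.92.1, so the version is affected
# exactly when 4.85 is the lowest of {v, 4.85} and 4.92 the highest of {v, 4.92}.
# Usage (assumes "exim -bV" prints "Exim version X.YY ..." on its first line):
#   exim_version_affected "$(exim -bV | sed -n 's/^Exim version \([^ ]*\).*/\1/p')"
exim_version_affected() {
    v=$1
    lowest=$(printf '%s\n%s\n' "$v" 4.85 | sort -V | head -n 1)
    highest=$(printf '%s\n%s\n' "$v" 4.92 | sort -V | tail -n 1)
    [ "$lowest" = 4.85 ] && [ "$highest" = 4.92 ]
}

# Write the constructed fragment to a temporary file and scan it; the only
# hit should be the "data = ${sort..." line of sorted_lookup.
# Usage: scan_sample_config
scan_sample_config() {
    tmp=$(mktemp)
    printf '%s\n' "$SAMPLE_CONFIG" > "$tmp"
    find_sort_expansions "$tmp"
    rm -f "$tmp"
}
```

Running find_sort_expansions against the real configuration (exim -bP config_file prints its path on most builds) gives the list of places that must be rewritten while the workaround is in force; exim_version_affected tells whether the upgrade to 4.92.1 has landed, which is the point at which ${sort } can be reintroduced.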
Credits
Jeremy Harris
Reference(s)
CVE-2019-13917.txt
https://exim.org/static/doc/security/CVE-2019-13917.txt
Avoid re-expansion in ${sort } CVE-2019-13917 OVE-20190718-0006
https://github.com/Exim/exim/commit/cf84d126bc1f04746eb7c8e8b3468f7e70add3ec
CVE-2019-13917
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13917
CVE-2019-13917
https://nvd.nist.gov/vuln/detail/CVE-2019-13917
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: August 1, 2019