CNVD-2019-16594
PUBLISHED
CVSS 9 CRITICAL
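Exim is an open-source message transfer agent (MTA) that runs on Unix systems; it is mainly responsible for routing, forwarding and delivering mail. A remote code execution vulnerability exists in Exim. The vulnerability stems from the network system or product failing to properly validate input data. An attacker can exploit this vulnerability to gain control of the Exim server.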
Risk Scores
CVSS 3.0
9
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| exim | exim | 4.92 |
Exploit Intelligence
- SNP Assignment on a Linux vulnerability (github-poc-repo)
- CVE-2019-10149 : A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution. (github-poc-repo)
- Exploit for CVE-2019-10149 (github-poc-repo)
- rahmadsandy/EXIM-4.87-CVE-2019-10149 (github-poc-repo)
- Instructions for installing a vulnerable version of Exim and its exploitation (github-poc-repo)
…and 104 more exploits
Timeline
- Jun 4, 2019 CVE Published
- Jun 10, 2019 PoC Published
- Jun 13, 2019 PoC Published
- Jun 17, 2019 PoC Published
- Aug 23, 2019 PoC Published
- Aug 26, 2019 PoC Published
- May 28, 2020 PoC Published
- May 29, 2020 PoC Published
- Jun 16, 2020 PoC Published
- Oct 9, 2020 PoC Published
- Oct 22, 2020 PoC Published
- Oct 22, 2020 PoC Published
References
- [oss-security] 20190605 Re: CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit mailing-list
- USN-4010-1 vendor-advisory
- DSA-4456 vendor-advisory
- 20190605 [SECURITY] [DSA 4456-1] exim4 security update mailing-list
- GLSA-201906-01 vendor-advisory
- [oss-security] 20190606 Re: CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit mailing-list
- 108679 vdb
- openSUSE-SU-2019:1524 vendor-advisory
- 20190611 The Return of the WIZard: RCE in Exim (CVE-2019-10149) mailing-list
- [oss-security] 20190725 Re: Statistics for distros lists updated for 2019Q2 mailing-list
- [oss-security] 20190726 Re: Statistics for distros lists updated for 2019Q2 mailing-list
- [oss-security] 20210504 21Nails: Multiple vulnerabilities in Exim mailing-list
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10149 url
- https://www.exim.org/static/doc/security/CVE-2019-10149.txt url
- http://packetstormsecurity.com/files/153218/Exim-4.9.1-Remote-Command-Execution.html url
- http://packetstormsecurity.com/files/153312/Exim-4.91-Local-Privilege-Escalation.html url
- http://packetstormsecurity.com/files/154198/Exim-4.91-Local-Privilege-Escalation.html url
…and 1 more