MidnightBSD

Advisories for sa-exim

CVE-2006-1251 MEDIUM

Argument injection vulnerability in greylistclean.cron in sa-exim 4.2 allows remote attackers to delete arbitrary files via an email with a To field that contains a filename separated by whitespace, which is not quoted when greylistclean.cron provides the argument to the rm command.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94,

Products Affected

Vendor Product Version
sa-exim sa-exim 4.1
sa-exim sa-exim 4.2
sa-exim sa-exim 4.0