MidnightBSD

Advisories for sa-exim_project

CVE-2019-19920 HIGH

sa-exim 4.2.1 allows attackers to execute arbitrary code if they can write a .cf file or a rule. This occurs because Greylisting.pm relies on eval (rather than direct parsing and/or use of the taint feature). This issue is similar to CVE-2018-11805.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
debian debian_linux 10.0
debian debian_linux 9.0
sa-exim_project sa-exim 4.2.1
debian debian_linux 8.0
canonical ubuntu_linux 16.04