The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Exim: command execution via deliver.c

Summary of the vulnerability

An attacker can exploit a vulnerability in Exim to run shell commands.
Impacted products: Debian, Exim, openSUSE Leap, Sophos XG Series, SLES, Ubuntu.
Severity of this bulletin: 4/4.
Creation date: 04/06/2019.
References for this threat: CERTFR-2019-AVI-252, CVE-2019-10149, DSA-4456-1, openSUSE-SU-2019:1524-1, openSUSE-SU-2021:0753-1, USN-4010-1, VIGILANCE-VUL-29463.

Description of the vulnerability 

An attacker can exploit a vulnerability in Exim to run shell commands.

This bulletin affects software or systems such as Debian, Exim, openSUSE Leap, Sophos XG Series, SLES, Ubuntu.

Our Vigil@nce team determined that the severity of this security threat is critical.

The trust level is "confirmed by the editor", and the origin of the attack is "internet client".

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with beginner-level skills can exploit this vulnerability.

Solutions for this threat 

Exim: version 4.92.
Version 4.92 is fixed:
  https://www.exim.org/
  https://www.exim.org/mirrors.html

Exim: patch for deliver.c.
A patch is indicated in the information sources.

Debian 9: new exim4 packages.
New packages are available:
  Debian 9: exim4 4.89-2+deb9u4

openSUSE Leap: new exim packages.
New packages are available:
  openSUSE Leap 15.0: exim 4.88-lp150.3.3.1
  openSUSE Leap 15.1: exim 4.88-lp151.4.3.1

Sophos XG Firewall: fixed versions for Exim.
Fixed versions are indicated in the information sources.

SUSE LE 15 SP1: new exim packages.
New packages are available:
  SUSE LE 15 SP1: exim 4.94.2-bp151.2.4.1

Ubuntu: new exim4 packages.
New packages are available:
  Ubuntu 18.10: exim4 4.91-6ubuntu1.1
  Ubuntu 18.04 LTS: exim4 4.90.1-1ubuntu1.2