Exim -- RCE in deliver_message() function
Exim team and Qualys report:
We received a report of a possible remote exploit. Currently there is no evidence of an active use of this exploit.
A patch exists already, is being tested, and backported to all
versions we released since (and including) 4.87.
The severity depends on your configuration. It depends on how close to
the standard configuration your Exim runtime configuration is. The
closer the better.
Exim 4.92 is not vulnerable.
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright