Exim -- RCE in deliver_message() function

Affected packages
4.87 <= exim < 4.92


VuXML ID: 45bea6b5-8855-11e9-8d41-97657151f8c2
Discovery: 2019-05-27
Entry: 2019-06-06

Exim team and Qualys report:

We received a report of a possible remote exploit. Currently there is no evidence of an active use of this exploit.

A patch exists already, is being tested, and backported to all versions we released since (and including) 4.87.

The severity depends on your configuration. It depends on how close to the standard configuration your Exim runtime configuration is. The closer the better.

Exim 4.92 is not vulnerable.


CVE Name: CVE-2019-10149