CVE-2019-15846

Published: 06 September 2019

Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash.

From the Ubuntu security team

It was discovered that Exim incorrectly handled certain decoding operations. A remote attacker could possibly use this issue to execute arbitrary commands.

Priority

High

CVSS 3 base score: 9.8

Status

Package: exim4 (Launchpad, Ubuntu, Debian)

Release                             Status
Upstream                            Needs triage
Ubuntu 18.04 LTS (Bionic Beaver)    Released (4.90.1-1ubuntu1.4)
Ubuntu 16.04 LTS (Xenial Xerus)     Released (4.86.2-2ubuntu2.5)
Ubuntu 14.04 ESM (Trusty Tahr)      Released (4.82-3ubuntu2.4+esm1)

Patches:
Upstream: https://git.exim.org/exim.git/commit/2600301ba6dbac5c9d640c87007a07ee6dcea1f4