GLSA-201906-01 : Exim: Remote command execution
High Nessus Plugin ID 125751
SynopsisThe remote Gentoo host is missing one or more security-related patches.
DescriptionThe remote host is affected by the vulnerability described in GLSA-201906-01 (Exim: Remote command execution)
A vulnerability was discovered in how Exim validates recipient addresses in the deliver_message() function.
A remote attacker could execute arbitrary commands by sending an email with a specially crafted recipient address to the affected system.
There is no known workaround at this time.
SolutionAll Exim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=mail-mta/exim-4.92'