[exim-dev] [Bug 2118] New: sendmail -be and ${run} macro sec…

Pàgina inicial
Aquest missatge és part del següent fil:
M++++++++++\l'arbre de fils complet ordenat per data
MMMMMMMMMMMM 
M....MMadmin en ->
Delete this message
Reply to this message
Autor: admin
Data:  
A: exim-dev
Assumpte: [exim-dev] [Bug 2118] New: sendmail -be and ${run} macro security problem
https://bugs.exim.org/show_bug.cgi?id=2118 

            Bug ID: 2118
           Summary: sendmail -be and ${run} macro security problem
           Product: Exim
           Version: 4.89
          Hardware: All
                OS: FreeBSD
            Status: NEW
          Severity: security
          Priority: medium
         Component: General execution
          Assignee: nigel@???
          Reporter: taki@???
                CC: exim-dev@???


I found this WordPress + Exim remote code execution exploit on exploit-db site.
It uses "exim -be '${run...}'" to place payload on the remote system.

https://exploitbox.io/vuln/WordPress-Exploit-4-6-RCE-CODE-EXEC-CVE-2016-10033.html

--
You are receiving this mail because:
You are on the CC list for the bug.
Aquest missatge es va enviar a les següents llistes de correu:
Exim-dev
Informació sobre la llista de correu | Missatges propers		<-[exim-dev] [Bug 2117] STARTTLS must be the last command in a pipelining group[exim-dev] [Bug 2118] sendmail -be and ${run} macro security problem->
Tahini and Hummus and Cumin Development Archives administrat per cumin AdminsLurker (versió 2.3)