[exim-dev] [Bug 2118] New: sendmail -be and ${run} macro sec…

Top Page
Delete this message
Reply to this message
Author: admin
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 2118] New: sendmail -be and ${run} macro security problem
https://bugs.exim.org/show_bug.cgi?id=2118

            Bug ID: 2118
           Summary: sendmail -be and ${run} macro security problem
           Product: Exim
           Version: 4.89
          Hardware: All
                OS: FreeBSD
            Status: NEW
          Severity: security
          Priority: medium
         Component: General execution
          Assignee: nigel@???
          Reporter: taki@???
                CC: exim-dev@???


I found this WordPress + Exim remote code execution exploit on exploit-db site.
It uses "exim -be '${run...}'" to place payload on the remote system.

https://exploitbox.io/vuln/WordPress-Exploit-4-6-RCE-CODE-EXEC-CVE-2016-10033.html

--
You are receiving this mail because:
You are on the CC list for the bug.