[exim-dev] [Bug 2118] sendmail -be and ${run} macro security…

Top Page
Delete this message
Reply to this message
Author: admin
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 2118] sendmail -be and ${run} macro security problem
https://bugs.exim.org/show_bug.cgi?id=2118

--- Comment #5 from Heiko Schlittermann <hs@???> ---
(In reply to Sandor Takacs from comment #0)
> I found this WordPress + Exim remote code execution exploit on exploit-db
> site. It uses "exim -be '${run...}'" to place payload on the remote system.
>
> https://exploitbox.io/vuln/WordPress-Exploit-4-6-RCE-CODE-EXEC-CVE-2016-
> 10033.html


It's remote character is a Wordpress problem. A remote attacker can run
commands on the Wordpress site. Exim is one of the commands, but not the only
one. Probably an attacker can even run "cat", "touch" and so on. Where is the
vulnerability? Are "cat", "touch", and so on, no vulnerable? Or is Wordpress
vulnerable?

--
You are receiving this mail because:
You are on the CC list for the bug.