sort vulnerability Exim

Active8

I assume that Exim built by CustomBuild is not affected; can someone from staff confirm this?

------------------------------------------------------------------------------------------

CVE ID: CVE-2019-13917
OVE ID: OVE-20190718-0006
Date: 2019-07-18
Credits: Jeremy Harris
Version(s): 4.85 up to and including 4.92
Issue: A local or remote attacker can execute programs with root
privileges - if you've an unusual configuration. For details
see below.

Details:

A vulnerability was discovered in the "sort" expansion operator. The elements of the list were expanded, giving a possible attack if the list included data supplied by an attacker.

If the effective configuration file for exim does not use sort then the system is trivially declarable as not being vulnerable. Use this command to check: "exim -bP config | grep sort".

Reference:

https://lists.gt.net/exim/announce/112500
 
DirectAdmin does not use "sort" for string expansions, so - not affected :) 4.92.1 is available on DA fileservers though (mirrors could take some time to sync).
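Added example, not part of the thread or the Exim advisory: a shell sketch of the advisory's check that combines the affected version range (4.85 through 4.92) with a search for the `${sort{...}` expansion item, which is narrower than a plain `grep sort`. The function names and both sample configs are constructed; a "review" result only means a human should inspect where the sorted list comes from, and the advisory's broader grep remains the conservative check.

```shell
#!/bin/sh
# Added example: not from the forum thread or the Exim advisory.
# Function names and both sample configs are constructed for illustration.

# Succeeds if version $1 is within the advisory's range (4.85 through 4.92).
version_in_range() {
    printf '%s\n' "$1" | awk -F. '{
        n = $1 * 1000000 + $2 * 1000 + $3   # 4.92.1 -> 4092001
        exit !(n >= 4085000 && n <= 4092000)
    }'
}

# Reads `exim -bP config` style text on stdin and prints the numbered lines
# that use the expansion item "${sort{...}", ignoring comment lines.
find_sort_use() {
    grep -nE '\$\{sort[[:space:]]*\{' | grep -vE '^[0-9]+:[[:space:]]*#'
}

# assess VERSION < CONFIG  -> prints not-in-range | review | sort-not-used
assess() {
    if ! version_in_range "$1"; then
        echo "not-in-range"
    elif find_sort_use >/dev/null; then
        echo "review"          # inspect whether the sorted list can hold untrusted data
    else
        echo "sort-not-used"
    fi
}

# Constructed config that uses the sort item on a static list.
SAMPLE_WITH_SORT='begin routers
demo:
  driver = redirect
  data = ${sort{3:2:1}{<}{$item}}'

# Constructed config where a plain "grep sort" hits, but no sort item exists.
SAMPLE_WITHOUT_SORT='# domains are kept sorted
domainlist local_domains = lsearch;/etc/exim/sorted_domains'

printf '%s\n' "$SAMPLE_WITH_SORT"    | assess 4.92     # review
printf '%s\n' "$SAMPLE_WITHOUT_SORT" | assess 4.92     # sort-not-used
printf '%s\n' "$SAMPLE_WITH_SORT"    | assess 4.92.1   # not-in-range
```

On a live host the input would be the output of `exim -bP config`, with the version number taken from `exim -bV`.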
 