A critical remote command execution (RCE) security flaw impacts over half of the Internet’s email servers running Exim, security researchers have revealed today. CVE-2019-10149 was discovered by Qualys researchers. It is a remote command execution vulnerability that is exploitable instantly by a local attacker and by a remote attacker…
A remote code execution vulnerability has been reported in Exim, with immediate public disclosure (we were given no private notice). A tentative patch exists but has not yet been confirmed. Exim is a mail transfer agent widely used on Unix-like operating systems.
Exim contains a flaw in the expansion of arguments to math comparison functions, which can result in the values being doubled. The end result is that an attacker can perform local command execution if they are able to perform a look-up using Exim against files that they can…