Title: Exim Pipe Hostname Arbitrary Command Execution Vulnerability
Severity: HIGH
Description:
Exim is a Mail Transport Agent designed with security in mind. It is freely avaiable, open source, and distributed by the University of Cambridge.
A problem with the software package could make it possible for a remote user to execute arbitrary commands. The problem is in the handling of pipes.
Exim supports the piping of email through various programs via it's configuration file. This makes it possible to send email through various programs such as email virus checking utilities or spam filtering utilities.
When Exim receives a mail, it processes the mail by it's localhost and domain name. In the event that the mail contains a pipe (|) symbol as the first part of it's host name, Exim attempts to interpret the localhost name as a command. This could result in a mail with a maliciously crafted From: field being used to execute a command contained within the localhost name of the mailing host. This problem only affects configurations that routes or directs mail without performing any type of check on the local part of the address, and does not affect alias or forward files.
This problem makes it possible for remote users to execute arbitrary commands as the Exim user, and potentially gain local access to the vulnerable system.
Affected Products:
- Debian Linux 2.2.0 68k
- Debian Linux 2.2.0 IA-32
- Debian Linux 2.2.0 alpha
- Debian Linux 2.2.0 arm
- Debian Linux 2.2.0 powerpc
- Debian Linux 2.2.0 sparc
- University of Cambridge Exim 3.11.0
- University of Cambridge Exim 3.12.0
- University of Cambridge Exim 3.13.0
- University of Cambridge Exim 3.14.0
- University of Cambridge Exim 3.15.0
- University of Cambridge Exim 3.16.0
- University of Cambridge Exim 3.17.0
- University of Cambridge Exim 3.18.0
- University of Cambridge Exim 3.19.0
- University of Cambridge Exim 3.20.0
- University of Cambridge Exim 3.21.0
- University of Cambridge Exim 3.22.0
- University of Cambridge Exim 3.30.0
- University of Cambridge Exim 3.31.0
- University of Cambridge Exim 3.32.0
- University of Cambridge Exim 3.33.0
References:
- Exim: Exim homepage
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
