Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2019-19920

sa-exim 4.2.1 allows attackers to execute arbitrary code if they can write a .cf file or a rule. This occurs because Greylisting.pm relies on eval (rather than direct parsing and/or use of the taint feature). This issue is similar to CVE-2018-11805.

Related bugs and status

CVE-2019-19920 (Candidate) is related to these bugs:

Bug #1856873: sa-exim Greylisting.pm vulnerability

Summary				In	Importance	Status
	1856873	sa-exim Greylisting.pm vulnerability		sa-exim (Ubuntu)	Undecided	Confirmed

See the

CVE page on Mitre.org for more details.

References

MISC: https://bugs.debian.or...
MISC: https://marc.info/?l=s...
MISC: https://marc.info/?l=s...
MLIST: [debian-lts-announce] ...
UBUNTU: USN-4520-1