CVE-2019-10149

CVSS 9 CRITICAL · EPSS 100.0% · KEV · CWE-78
In short

Exim mail server versions 4.87 through 4.91 fail to properly validate recipient addresses, allowing an attacker to execute arbitrary commands on the server remotely.

Technical detail

A command injection vulnerability exists in the deliver_message() function within /src/deliver.c where insufficient input validation on recipient addresses permits unauthenticated remote code execution. The attack vector requires sending a specially crafted email with a malicious recipient address; exploitation is trivial as Exim processes untrusted input directly in shell contexts.

Summary generated and translated by AI from the official description.
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.
CVSS vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected products
exim · exim
⚠ Public resources to assess the exposure of systems you control or are authorized to test. Test only with authorization.