Exim - Remote Code Execution (CVE-2019-10149)

Exim server is affected by a Remote Code Execution vulnerability. The root cause of this vulnerability consists in a lack of validation of recipient address in deliver_message() function. Therefore, an unauthenticated remote attacker could send an email to ${run{command in hex format}}@localhost and trigger the vulnerability.

The risk exists that a remote unauthenticated attacker can fully compromise the server in order to steal confidential information, install ransomware, or pivot to the internal network.

Sniper can gain unauthenticated Remote Code Execution on the target system and extract multiple artefacts as evidence.

Upgrade Exim mail server to a version equal or higher of 4.92.

https://nvd.nist.gov/vuln/detail/CVE-2019-10149

https://packetstormsecurity.com/files/153218/Exim-4.9.1-Remote-Command-Execution.html