Exim - Remote Code Execution (CVE-2019-10149)

Exim server is affected by a Remote Code Execution vulnerability. The root cause of this vulnerability consists in a lack of validation of recipient address in deliver_message() function. Therefore, an unauthenticated remote attacker could send an email to ${run{command in hex format}}@localhost and trigger the vulnerability.

Sniper can gain unauthenticated Remote Code Execution on the target system and extract multiple artefacts as evidence.

The risk exists that a remote unauthenticated attacker can fully compromise the server in order to steal confidential information, install ransomware, or pivot to the internal network.

Upgrade Exim mail server to a version equal or higher of 4.92.

https://nvd.nist.gov/vuln/detail/CVE-2019-10149

https://packetstormsecurity.com/files/153218/Exim-4.9.1-Remote-Command-Execution.html