doc/doc-txt/cve-2019-13917

   1 CVE ID:     CVE-2019-13917
   2 OVE ID:     OVE-20190718-0006
   3 Date:       2019-07-18
   4 Credits:    Jeremy Harris
   5 Version(s): 4.85 up to and including 4.92
   6 Issue:      A local or remote attacker can execute programs with root
   7             privileges - if you've an unusual configuration. See below.
   8
   9 Conditions to be vulnerable
  10 ===========================
  11
  12 If your configuration uses the ${sort } expansion for items that can be
  13 controlled by an attacker (e.g. $local_part, $domain). The default
  14 config, as shipped by the Exim developers, does not contain ${sort }.
  15
  16 Details
  17 =======
  18
  19 The vulnerability is exploitable either remotely or locally and could
  20 be used to execute other programs with root privilege.  The ${sort }
  21 expansion re-evaluates its items.
  22
  23 Mitigation
  24 ==========
  25
  26 Do not use ${sort } in your configuration.
  27
  28 Fix
  29 ===
  30
  31 Download and build a fixed version:
  32
  33     Tarballs: http://ftp.exim.org/pub/exim/exim4/
  34     Git:      https://github.com/Exim/exim.git
  35               - tag    exim-4.92.1
  36               - branch exim-4.92+fixes
  37
  38 The tagged commit is the officially released version. The +fixes branch
  39 isn't officially maintained, but contains useful patches *and* the
  40 security fix.
  41
  42 If you can't install the above versions, ask your package maintainer for
  43 a version containing the backported fix. On request and depending on our
  44 resources we will support you in backporting the fix.  (Please note,
  45 that Exim project officially doesn't support versions prior the current
  46 stable version.)