exim: ${sort} in configuration leads to privilege escalation (CVE-2019-13917)ID: oval:org.secpod.oval:def:59747 | Date: (C)2019-11-20 (M)2023-12-20 |
Class: PATCH | Family: unix |
A flaw was found in exim, in which if the server configuration uses the ${sort } expansion, then this could be controlled by the remote attacker , resulting in the attacker able to execute programs with root privileges. Note: The default config, as shipped by exim upstream, does not contain ${sort }.
Platform: |
Alpine Linux 3.10 |
Alpine Linux 3.9 |