CVE-2019-13917 - OpenCVE

Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution as root in some unusual configurations that use the ${sort } expansion for items that can be controlled by an attacker (e.g., $local_part or $domain).

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Debian	Debian Linux
Exim	Exim

Configuration 1 [-]

cpe:2.3:a:exim:exim:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:debian:debian_linux:9.0:::::::*
	cpe:2.3:o:debian:debian_linux:10.0:::::::*

References

Link	Resource
http://exim.org/static/doc/security/CVE-2019-13917.txt	Patch Vendor Advisory
http://www.openwall.com/lists/oss-security/2019/07/26/5	Third Party Advisory
https://seclists.org/bugtraq/2019/Jul/51	Third Party Advisory
https://security.gentoo.org/glsa/201909-06
https://www.debian.org/security/2019/dsa-4488	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2019-07-25T19:07:08

Updated: 2019-09-07T01:06:07

Reserved: 2019-07-18T00:00:00

Link: CVE-2019-13917

JSON object: View

NVD Information

Status : Modified

Published: 2019-07-25T20:15:11.810

Modified: 2019-09-07T02:15:10.297

Link: CVE-2019-13917

JSON object: View

Redhat Information

No data.

CWE

CWE-19

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution as root in some unusual configurations that use the ${sort } expansion for items that can be controlled by an attacker (e.g., $local_part or $domain)."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-09-07T01:06:07", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://exim.org/static/doc/security/CVE-2019-13917.txt"}, {"name": "DSA-4488", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2019/dsa-4488"}, {"name": "[oss-security] 20190726 Re: CVE-2019-13917 OVE-20190718-0006: Exim: security release ahead", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2019/07/26/5"}, {"name": "20190730 [SECURITY] [DSA 4488-1] exim4 security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/Jul/51"}, {"name": "GLSA-201909-06", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201909-06"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-13917", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution as root in some unusual configurations that use the ${sort } expansion for items that can be controlled by an attacker (e.g., $local_part or $domain)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://exim.org/static/doc/security/CVE-2019-13917.txt", "refsource": "CONFIRM", "url": "http://exim.org/static/doc/security/CVE-2019-13917.txt"}, {"name": "DSA-4488", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4488"}, {"name": "[oss-security] 20190726 Re: CVE-2019-13917 OVE-20190718-0006: Exim: security release ahead", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/07/26/5"}, {"name": "20190730 [SECURITY] [DSA 4488-1] exim4 security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Jul/51"}, {"name": "GLSA-201909-06", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201909-06"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-13917", "datePublished": "2019-07-25T19:07:08", "dateReserved": "2019-07-18T00:00:00", "dateUpdated": "2019-09-07T01:06:07", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:exim:exim:*:*:*:*:*:*:*:*", "matchCriteriaId": "9E44EF3A-D0DE-4E40-8D32-60514F87FD4F", "versionEndIncluding": "4.92", "versionStartIncluding": "4.85", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution as root in some unusual configurations that use the ${sort } expansion for items that can be controlled by an attacker (e.g., $local_part or $domain)."}, {"lang": "es", "value": "Exim versiones 4.85 hasta 4.92 (corregido en 4.92.1) permite la ejecuci\u00f3n de c\u00f3digo remota como root en algunas configuraciones inusuales que usan la expansi\u00f3n ${sort} para elementos que pueden ser controlados por un atacante (por ejemplo, $local_part o $domain)."}], "id": "CVE-2019-13917", "lastModified": "2019-09-07T02:15:10.297", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-07-25T20:15:11.810", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://exim.org/static/doc/security/CVE-2019-13917.txt"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2019/07/26/5"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Jul/51"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201909-06"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2019/dsa-4488"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-19"}], "source": "nvd@nist.gov", "type": "Primary"}]}