This Metasploit module exploits a flaw in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to command execution with root privileges.
7b1fe00dfa2c9cc882752b38e5a6e0f2df1617a466c97478e2257a3f314a59fd
Exim versions 4.87 through 4.91 suffer from a local privilege escalation vulnerability.
f66d7f3a31ac18712c80085004dbe2a60269462f0ed94217c0afa6f03a4f8107
Qualys discovered a remote command execution vulnerability in Exim versions 4.87 to 4.91.
ccf81b809451dabd0ae35b330095955b9998319116314052fc75a06a7dd5e3e8
Gentoo Linux Security Advisory 201906-1 - A vulnerability in Exim could allow a remote attacker to execute arbitrary commands. Versions less than 4.92 are affected.
a3da7ce79662c13585cde53abd610ea317462f97afc3099957d04af79577eaa6
Ubuntu Security Notice 4010-1 - It was discovered that Exim incorrectly handled certain decoding operations. A remote attacker could possibly use this issue to execute arbitrary commands.
e254ca1fcd34d1dbc6122ae985d24828cd5607f4d4eb3a341f82838dfa7cd5b3
Debian Linux Security Advisory 4456-1 - The Qualys Research Labs reported a flaw in Exim, a mail transport agent. Improper validation of the recipient address in the deliver_message() function may result in the execution of arbitrary commands.
0cd1d0a2bc006718e3f130c1b1c0b5a56897616f1aabae70b5dba7ad89aedea3