CVE ID: CVE-2019-13917 OVE ID: OVE-20190718-0006 Date: 2019-07-18 Credits: Jeremy Harris Version(s): 4.85 up to and including 4.92 Issue: A local or remote attacker can execute programs with root privileges - if you've an unusual configuration. See below. Conditions to be vulnerable =========================== If your configuration uses the ${sort } expansion for items that can be controlled by an attacker (e.g. $local_part, $domain). The default config, as shipped by the Exim developers, does not contain ${sort }. Details ======= The vulnerability is exploitable either remotely or locally and could be used to execute other programs with root privilege. The ${sort } expansion re-evaluates its items. Mitigation ========== Do not use ${sort } in your configuration. Fix === Download and build a fixed version: Tarballs: http://ftp.exim.org/pub/exim/exim4/ Git: https://github.com/Exim/exim.git - tag exim-4.92.1 - branch exim-4.92+fixes The tagged commit is the officially released version. The +fixes branch isn't officially maintained, but contains useful patches *and* the security fix. If you can't install the above versions, ask your package maintainer for a version containing the backported fix. On request and depending on our resources we will support you in backporting the fix. (Please note, that Exim project officially doesn't support versions prior the current stable version.)