Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2006-1251
Last Modified: 18 Oct 2011 12:00:00
Published: 18 Mar 2006 08:02:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2006-1251

Summary

Argument injection vulnerability in greylistclean.cron in sa-exim 4.2 allows remote attackers to delete arbitrary files via an email with a To field that contains a filename separated by whitespace, which is not quoted when greylistclean.cron provides the argument to the rm command.

Vulnerable Systems

Application

  • Sa-exim 4.0

  • Sa-exim 4.1

  • Sa-exim 4.2


References

BID - 17110

CONFIRM - http://marc.merlins.org/linux/exim/files/sa-exim-cvs/Changelog.html

XF - saexim-greylistclean-file-deletion(25286)

VUPEN - ADV-2006-0941

SECUNIA - 19225

MISC - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=345071


Last Updated: 27 May 2016 10:41:59