Sa-exim greylistclean.cron file deletion
X-Force ID: saexim-greylistclean-file-deletion (25286)
Description:
Sa-exim could allow a remote attacker to delete arbitrary files because of an argument injection vulnerability in greylistclean.cron. A remote attacker could send an email whose To: field contains an address with embedded whitespace followed by a filename. When the greylistclean.cron job later runs, the name derived from that address is passed to the rm command without quoting, so the shell splits it on the whitespace and rm receives the attacker-chosen filename as a separate argument, deleting that file with the privileges of the account running the cron job.
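The argument-injection pattern described above (and spelled out in the CVE-2006-1251 entry under References), as an added shell example that is not sa-exim's own greylistclean.cron: it builds a throwaway greylist directory in which one file name, constructed here from a crafted To: address, contains a space followed by the name of a second file, then contrasts an unquoted `rm $entry` with the quoted `rm -- "$entry"`. The directory layout, file names and function names are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: reconstructs the bug class from the advisory (an attacker-
# controlled name expanded unquoted in a cron clean-up script and handed to rm).
# It is not sa-exim's greylistclean.cron; the directory layout and names below
# are assumptions made for this illustration.

# Create a scratch "greylist" directory holding two files:
#   victim                               - an unrelated file the attacker wants deleted
#   "sender@example.org_attacker victim" - an entry whose name was built from a
#                                          constructed To: address containing a space
# Prints the directory path on stdout.
setup_greylist_dir() {
    dir=$(mktemp -d) || return 1
    : > "$dir/victim"
    : > "$dir/sender@example.org_attacker victim"
    printf '%s\n' "$dir"
}

# Vulnerable clean-up loop: $entry is expanded without quotes, so the shell
# splits it on the embedded space and rm receives two arguments:
#   rm -f sender@example.org_attacker victim
# The first does not exist (-f hides that); the second deletes the bystander.
clean_unquoted() {
    ( cd "$1" && for entry in sender@example.org_attacker*; do rm -f $entry; done )
}

# Hardened clean-up loop: the quoted expansion keeps the name as one argument,
# and "--" stops a name beginning with "-" from being parsed as an rm option.
clean_quoted() {
    ( cd "$1" && for entry in sender@example.org_attacker*; do rm -f -- "$entry"; done )
}

# Returns 0 when the unquoted loop deleted "victim" while leaving the crafted
# entry behind, i.e. the bug reproduces.
bug_reproduces() {
    dir=$(setup_greylist_dir) || return 1
    clean_unquoted "$dir"
    status=1
    if [ ! -e "$dir/victim" ] && [ -e "$dir/sender@example.org_attacker victim" ]; then
        status=0
    fi
    rm -rf "$dir"
    return "$status"
}

# Returns 0 when the quoted loop removed only the crafted entry and "victim"
# survived, i.e. the fix holds.
fix_holds() {
    dir=$(setup_greylist_dir) || return 1
    clean_quoted "$dir"
    status=1
    if [ -e "$dir/victim" ] && [ ! -e "$dir/sender@example.org_attacker victim" ]; then
        status=0
    fi
    rm -rf "$dir"
    return "$status"
}

# Stand-alone run: report both results.
if bug_reproduces; then echo "unquoted rm: bystander file deleted (vulnerable)"; fi
if fix_holds;      then echo "quoted rm:   only the greylist entry deleted (fixed)"; fi
```

The relevant check when auditing any such clean-up script is the expansion of the name passed to rm: a bare `$entry` is subject to field splitting and pathname expansion, a double-quoted `"$entry"` is not, and the `--` guards the separate case of a name beginning with a dash.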
Consequences:
File Manipulation
Remedy:
Upgrade to the latest version of Sa-exim (4.2.1 or later), available from the Sa-exim Web site. See References.
References:
- Debian Bug report logs - #345071: sa-exim: Potential for deleting arbitrary local files by remote attack.
- Sa-exim Web site: Exim SpamAssassin at SMTP time.
- BID-17110: sa-exim Unauthorized File Access Vulnerability
- CVE-2006-1251: Argument injection vulnerability in greylistclean.cron in sa-exim 4.2 allows remote attackers to delete arbitrary files via an email with a To field that contains a filename separated by whitespace, which is not quoted when greylistclean.cron provides the argument to the rm command.
- SA19225: sa-exim "greylistclean.cron" File Deletion Vulnerability
- VUPEN/ADV-2006-0941: Sa-exim greylistclean.cron Email Address Handling File Deletion Vulnerability
Platforms Affected:
- Sa-exim 4.2
Reported:
Mar 13, 2006
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net
