Vulnerability CVE-2020-28026: Information

Description

Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default configurations that enable Delivery Status Notification (DSN). Certain uses of ORCPT= can place a newline into a spool header file, and indirectly allow unauthenticated remote attackers to execute arbitrary commands as root.

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2020-28026
Published: May 6, 2021
Modified: July 12, 2022

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
eximsisyphus4.94.2-alt14.97-alt1ALT-PU-2021-1764-1271258Fixed
eximp104.94.2-alt14.96-alt1ALT-PU-2021-1764-1271258Fixed
eximc10f14.94.2-alt14.96-alt1ALT-PU-2021-1764-1271258Fixed
eximc9f24.94.2-alt24.96-alt1ALT-PU-2022-2269-1301507Fixed
eximp114.94.2-alt14.97-alt1ALT-PU-2021-1764-1271258Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28026-FGETS.txt
  • Third Party Advisory

    1. Configuration 1

      cpe:2.3:a:exim:exim:*:*:*:*:*:*:*:*
      Start including
      4.00
      End excliding
      4.94.2
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.5.3
Back to top