Back to search
CVE-2006-1251
Published: Mar 19, 2006
Modified: Aug 7, 2024
PUBLISHED
Description
Argument injection vulnerability in greylistclean.cron in sa-exim 4.2 allows remote attackers to delete arbitrary files via an email with a To field that contains a filename separated by whitespace, which is not quoted when greylistclean.cron provides the argument to the rm command.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
19225
third-party-advisory
x_refsource_SECUNIA
saexim-greylistclean-file-deletion(25286)
vdb-entry
x_refsource_XF
17110
vdb-entry
x_refsource_BID
http://marc.merlins.org/linux/exim/files/sa-exim-cvs/Changelog.html
x_refsource_CONFIRM
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=345071
x_refsource_MISC
ADV-2006-0941
vdb-entry
x_refsource_VUPEN
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now