First published: Wed Dec 19 2001
Exim 3.22 and earlier, in some configurations, does not properly verify the local part of an address when redirecting the address to a pipe, which could allow remote attackers to execute arbitrary commands via shell metacharacters.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
University of Cambridge Exim | <=3.22 | |
Red Hat Linux | | |
The severity of CVE-2001-0889 is classified as moderate due to its potential to allow arbitrary command execution.
To fix CVE-2001-0889, upgrade Exim to version 3.22 or later so that the local part of an address is properly verified in the affected configurations.
CVE-2001-0889 affects Exim versions 3.22 and earlier, as well as certain Red Hat Linux configurations.
Yes, CVE-2001-0889 can be exploited by remote attackers to execute arbitrary commands due to insufficient input validation.
CVE-2001-0889 is an input validation vulnerability in which shell metacharacters in the local part of an address can lead to command execution when the address is redirected to a pipe.