Vulnerability Details CVE-2001-0889
Exim 3.22 and earlier, in some configurations, does not properly verify the local part of an address when redirecting the address to a pipe, which could allow remote attackers to execute arbitrary commands via shell metacharacters.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 76.0%
CVSS Severity
CVSS v2 Score 7.5
References
- http://marc.info/?l=bugtraq&m=100877978506387&w=2
- http://www.debian.org/security/2002/dsa-097
- http://www.kb.cert.org/vuls/id/283723
- http://www.redhat.com/support/errata/RHSA-2001-176.html
- http://www.securityfocus.com/bid/3728
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7738
- http://marc.info/?l=bugtraq&m=100877978506387&w=2
- http://www.debian.org/security/2002/dsa-097
- http://www.kb.cert.org/vuls/id/283723
- http://www.redhat.com/support/errata/RHSA-2001-176.html
- http://www.securityfocus.com/bid/3728
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7738
Products affected by CVE-2001-0889
-
cpe:2.3:a:university_of_cambridge:exim:*
-
cpe:2.3:o:redhat:linux:-
-
cpe:2.3:o:redhat:linux:1.0
-
cpe:2.3:o:redhat:linux:1.1
-
cpe:2.3:o:redhat:linux:2.0
-
cpe:2.3:o:redhat:linux:2.0.34
-
cpe:2.3:o:redhat:linux:2.1
-
cpe:2.3:o:redhat:linux:2.4.2
-
cpe:2.3:o:redhat:linux:2.6.2
-
cpe:2.3:o:redhat:linux:3.0
-
cpe:2.3:o:redhat:linux:3.0.3
-
cpe:2.3:o:redhat:linux:4.0
-
cpe:2.3:o:redhat:linux:4.1
-
cpe:2.3:o:redhat:linux:4.2
-
cpe:2.3:o:redhat:linux:5.0
-
cpe:2.3:o:redhat:linux:5.1
-
cpe:2.3:o:redhat:linux:5.2
-
cpe:2.3:o:redhat:linux:6.0
-
cpe:2.3:o:redhat:linux:6.1
-
cpe:2.3:o:redhat:linux:6.2
-
cpe:2.3:o:redhat:linux:6.2e
-
cpe:2.3:o:redhat:linux:7
-
cpe:2.3:o:redhat:linux:7.0
-
cpe:2.3:o:redhat:linux:7.1
-
cpe:2.3:o:redhat:linux:7.2
-
cpe:2.3:o:redhat:linux:7.3
-
cpe:2.3:o:redhat:linux:8.0
-
cpe:2.3:o:redhat:linux:9
-
cpe:2.3:o:redhat:linux:9.0