Здравствуйте!

Система категоризации Живого Журнала посчитала, что вашу запись можно отнести к категории: Медицина.

Если вы считаете, что система ошиблась — напишите об этом в ответе на этот комментарий. Ваша обратная связь поможет сделать систему точнее.

Фрэнк,

команда ЖЖ

"информационная безопасность"

Поговори тут ещё, кожаный ублюдок! ;-)

Цитирую:

CVE-2019-10149 is a remote command execution vulnerability introduced in Exim version 4.87 which was released on April 6, 2016. In default configurations, a local attacker is capable of exploiting this vulnerability to execute commands as the “root” user “instantly” by sending mail to a specially crafted mail address on localhost that will be interpreted by the expand_string function within the deliver_message() function. Remote exploitation under the default configuration is possible, but considered to be unreliable, as an attacker would need to maintain connection to a vulnerable server for 7 days.

In certain non-default configurations, remote exploitation is possible. For instance, if the requirement for ‘verify = recipient’ ACL was removed from the the default configuration file (src/configure.default), uncommenting out the ‘local_part_suffix = +* : -*’ under the userforward router in the default configuration, or if Exim was “configured to relay mail to a remote domain, as a secondary MX (Mail eXchange).”