CVE-2006-1251

Published: 19 March 2006

Argument injection vulnerability in greylistclean.cron in sa-exim 4.2 allows remote attackers to delete arbitrary files via an email with a To field that contains a filename separated by whitespace, which is not quoted when greylistclean.cron provides the argument to the rm command.

Priority

Status

Package	Release	Status
sa-exim Launchpad, Ubuntu, Debian	dapper	Ignored (end of life)
	edgy	Released (4.2.1-1)
	feisty	Released (4.2.1-1)
	gutsy	Released (4.2.1-1)
	hardy	Released (4.2.1-1)
	intrepid	Released (4.2.1-1)
	jaunty	Released (4.2.1-1)
	karmic	Released (4.2.1-1)
	upstream	Released (4.2.1)

References

https://www.cve.org/CVERecord?id=CVE-2006-1251
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.