A critical vulnerability (CVE-2019-10149) was discovered in the Exim mail server, an open-source message transfer agent on Internet-facing Unix operating systems (OS). It has a Common Vulnerability Score System (CVSS) v3.0 severity base score of 9.8 out of 10.
The flaw is due to the improper validation of recipient address in its code. It allows a local or remote attacker to execute arbitrary commands on the affected system via a specially crafted email.
All Exim versions, between and including 4.87 to 4.91, are vulnerable to CVE-2019-10149.
Successful exploitation could lead to a full compromise of the Exim mail server, allowing an attacker to perform malicious activity through the mail server.
System administrators managing Exim Internet mailer are advised to update to version 4.92 immediately.