CVE-2006-1251

NameCVE-2006-1251
DescriptionArgument injection vulnerability in greylistclean.cron in sa-exim 4.2 allows remote attackers to delete arbitrary files via an email with a To field that contains a filename separated by whitespace, which is not quoted when greylistclean.cron provides the argument to the rm command.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium
Debian Bugs345071, 356301

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
sa-exim (PTS)jessie4.2.1-14fixed
jessie (security)4.2.1-14+deb8u1fixed
stretch4.2.1-16fixed
buster4.2.1-17fixed
bullseye, sid4.2.1-19fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
sa-eximsource(unstable)4.2.1-1345071, 356301

Search for package or bug name: Reporting problems