CVE-2006-1251

NameCVE-2006-1251
DescriptionArgument injection vulnerability in greylistclean.cron in sa-exim 4.2 allows remote attackers to delete arbitrary files via an email with a To field that contains a filename separated by whitespace, which is not quoted when greylistclean.cron provides the argument to the rm command.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium (attack range: remote)
Debian Bugs345071, 356301

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
sa-exim (PTS)jessie4.2.1-14fixed
stretch4.2.1-16fixed
buster, bullseye, sid4.2.1-17fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
sa-eximsource(unstable)4.2.1-1medium345071, 356301

Search for package or bug name: Reporting problems