CVE-2006-1251

NameCVE-2006-1251
DescriptionArgument injection vulnerability in greylistclean.cron in sa-exim 4.2 allows remote attackers to delete arbitrary files via an email with a To field that contains a filename separated by whitespace, which is not quoted when greylistclean.cron provides the argument to the rm command.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs345071, 356301

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
sa-exim (PTS)buster4.2.1-17fixed
sid, trixie, bookworm, bullseye4.2.1-20fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
sa-eximsource(unstable)4.2.1-1345071, 356301

Search for package or bug name: Reporting problems