Vulnerability Details
Exim Argument Injection Vulnerability
Vulnerability Summary
Exim is an open-source message transfer agent (MTA) for Unix systems; it routes, forwards and delivers mail.
exim4 (Debian package) contains an argument injection vulnerability caused by insufficient validation of user-supplied input in the spool_read_header function (CVE-2020-28026, the issue covered by the Exim security write-up listed under References). The following products and versions are affected: exim4 (Debian package): 4.10-0.srh20.1, 4.10-0.srh20.2, 4.10-0.srh20.3, 4.10-0.srh20.4, 4.10-0.srh20.5, 4.10-0.srh20.6, 4.10-0.srh20.7, 4.10-0.srh20.8, 4.10-0.srh20.9, 4.10-0.srh20.10, 4.10-0.srh20.11, 4.10-0.srh20.12, 4.10-0.srh20.13, 4.10-0.srh20.14, 4.10-0.srh20.15, 4.10-0.srh20.16, 4.10-0.srh20.17, 4.10-0.srh20.18, 4.10-0.srh20.19, 4.10.12-0.0.1, 4.10.13-0.0.1, 4.10.13-0.0.2, 4.10.13-0.0.3, 4.10.13-0.0.4, 4.11-0.0.1, 4.11-0.0.2, 4.11-0.0.3, 4.11-0.0.4, 4.12-0, 4.12-0.0.1, 4.12-0.0.2, 4.12-0.0.3, 4.12-0.0.4, 4.12-0.0.5, 4.12-0.0.6, 4.12-0.0.7, 4.12-0.0.8, 4.12-0.0.9, 4.12-0.0.10, 4.12-0.0.11, 4.12-0.0.12, 4.12-0.0.13, 4.12-0.0.14, 4.12-0.0.15, 4.12-0.0.16, 4.12-0.0.17, 4.12-0.0.18, 4.12-0.0.19, 4.12-0.0.20, 4.12-0.0.21, 4.12-0.1, 4.12-0.2, 4.14-0.1, 4.14-0.2, 4.14-0.3, 4.14-0.4, 4.14-0.5, 4.14-0.6, 4.14-1, 4.20-1, 4.20-2, 4.20-3, 4.20-4, 4.20-5, 4.22-1, 4.22-2, 4.22-3, 4.22-4, 4.22-5, 4.24-1, 4.24-2, 4.24-3, 4.30-1, 4.30-2, 4.30-3, 4.30-4, 4.30-5, 4.30-6, 4.30-7, 4.30-8, 4.31-1, 4.31-2, 4.32-1, 4.32-2, 4.33-1, 4.34-1, 4.34-2, 4.34-3, 4.34-4, 4.34-5, 4.34-6, 4.34-7, 4.34-8, 4.34-9, 4.34-10, 4.43-1, 4.43-2, 4.43-3, 4.43-4, 4.44-1, 4.44-2, 4.50-1, 4.50-2, 4.50-3, 4.50-4, 4.50-5, 4.50-6, 4.50-7, 4.50-8, 4.50-8sarge1, 4.50-8sarge2, 4.51-1, 4.51-2, 4.52-1, 4.52-2, 4.53-1, 4.54-1, 4.54-2, 4.60-1, 4.60-2, 4.60-3, 4.60-4, 4.60-5, 4.60-5+b1, 4.61-1, 4.62-1, 4.62-2, 4.62-3, 4.62-4, 4.62-5, 4.63-1, 4.63-2, 4.63-3, 4.63-4, 4.63-5, 4.63-6, 4.63-7, 4.63-8, 4.63-9, 4.63-9bpo1, 4.63-10, 4.63-11, 4.63-12, 4.63-13, 4.63-14, 4.63-15, 4.63-16, 4.63-17, 4.63-17~bpo.1, 4.63.20060921-1, 4.63.20061010-1, 4.63.20061028-1, 4.63.20061115-1, 4.63.20061115-2, 4.63.20061130-1, 4.63.20061130-2, 4.64-1, 4.65-1, 4.65-2, 4.65-3, 4.66-1, 4.66-2, 4.66-3, 4.67-1, 4.67-2, 4.67-3, 4.67-4, 4.67-5, 4.67-6, 4.67-7, 4.67-8, 4.68-1, 4.68-2, 4.69-1, 4.69-2, 4.69-3, 4.69-4, 4.69-5, 4.69-6, 4.69-7, 4.69-8, 4.69-9, 
4.69-9+lenny1, 4.69-9+lenny3, 4.69-9+lenny4, 4.69-9~bpo40+1, 4.69-10, 4.69-11, 4.70-1, 4.70-2, 4.70~cvs+20091017-1, 4.70~cvs+20091026-1, 4.70~cvs+20091030-1, 4.70~rc4-1, 4.71-1, 4.71-2, 4.71-2~bpo50+1, 4.71-3, 4.71-4, 4.72-1, 4.72-1~bpo50+1, 4.72-2, 4.72-3, 4.72-3~bpo50+1, 4.72-4, 4.72-4~bpo50+1, 4.72-5, 4.72-6, 4.72-6+squeeze1, 4.72-6+squeeze1~bpo50+1, 4.72-6+squeeze2, 4.72-6+squeeze2~bpo50+1, 4.72-6+squeeze3, 4.72-6+squeeze4, 4.72-6~bpo50+1, 4.72~20100529-1, 4.73~rc1-1, 4.74-1, 4.74-2, 4.74~rc2-1, 4.75-1, 4.75-2, 4.75-3, 4.75~rc2-1, 4.75~rc3-1, 4.76-1, 4.76-1+hurd.1, 4.76-2, 4.76-3, 4.76-4, 4.76~RC1-1, 4.76~RC1-2, 4.76~RC1-3, 4.77-1, 4.77~rc4-1, 4.80-1, 4.80-2, 4.80-3, 4.80-4, 4.80-5, 4.80-5.1, 4.80-6, 4.80-7, 4.80-7+deb7u1, 4.80-7+deb7u2, 4.80-7+deb7u3, 4.80-7+deb7u4, 4.80-7+deb7u5, 4.80-7+deb7u6, 4.80-7+hurd.1, 4.80-8, 4.80-9, 4.80~rc2-1, 4.80~rc4-1, 4.80~rc5-1, 4.80~rc6-1, 4.80~rc7-1, 4.82-1, 4.82-2, 4.82-3, 4.82-4, 4.82-5, 4.82-6, 4.82-7, 4.82-8, 4.82.1-1, 4.82.1-2, 4.82~rc1-1, 4.82~rc2-1, 4.82~rc3-1, 4.82~rc5-1, 4.83-1, 4.83-2, 4.83~RC1-1, 4.83~RC2-1, 4.83~RC3-1, 4.84-1, 4.84-2, 4.84-3, 4.84-4, 4.84-5, 4.84-6, 4.84-7, 4.84-8, 4.84-8+deb8u1, 4.84-8+deb8u2, 4.84.2, 4.84.2-1, 4.84.2-1+deb8u1, 4.84.2-2, 4.84.2-2+deb8u1, 4.84.2-2+deb8u2, 4.84.2-2+deb8u3, 4.84.2-2+deb8u4, 4.84.2-2+deb8u5, 4.84.2-2+deb8u6, 4.84.2-2+deb8u7, 4.84~RC1-1, 4.84~RC1-2, 4.84~RC1-3, 4.84~RC2-1, 4.85-1, 4.85-2, 4.85-3, 4.85~RC1+dfsg-1, 4.85~RC2+dfsg-1, 4.85~RC3+dfsg-1, 4.85~RC4-1, 4.86-1, 4.86-2, 4.86-3, 4.86-4, 4.86-5, 4.86-5~bpo8+1, 4.86-6, 4.86-6~bpo8+1, 4.86-7, 4.86-7~bpo8+1, 4.86.2-1, 4.86.2-1~bpo8+1, 4.86.2-2, 4.86.2-2~bpo8+1, 4.86~RC1-1, 4.86~RC1-2, 4.86~RC1-3, 4.86~RC2-1, 4.86~RC3-1, 4.86~RC3-2, 4.86~RC4-1, 4.86~RC4-2, 4.86~RC5-1, 4.87-1, 4.87-1~bpo8+1, 4.87-2, 4.87-2~bpo8+1, 4.87-3, 4.87-3~bpo8+1, 4.87~RC1-1, 4.87~RC2-1, 4.87~RC3-1, 4.87~RC3-2, 4.87~RC5-1, 4.87~RC5-2, 4.87~RC6-1, 4.87~RC6-2, 4.87~RC6-3, 4.87~RC6-3~bpo8+1, 4.87~RC7-1, 4.88-1, 4.88-2, 4.88-3, 4.88-4, 4.88-4~bpo8+1, 
4.88-5, 4.88-5~bpo8+1, 4.88~RC1-1, 4.88~RC2-1, 4.88~RC2-2, 4.88~RC2-3, 4.88~RC3-1, 4.88~RC4-1, 4.88~RC4-2, 4.88~RC5-1, 4.88~RC6-1, 4.88~RC6-1~bpo8+1, 4.88~RC6-2, 4.88~RC6-2~bpo8+1, 4.89, 4.89-1, 4.89-1~bpo8+1, 4.89-2, 4.89-2+deb9u1, 4.89-2+deb9u1~bpo8+1, 4.89-2+deb9u2, 4.89-2+deb9u3, 4.89-2+deb9u3~bpo8+1, 4.89-2+deb9u4, 4.89-2+deb9u5, 4.89-2+deb9u6, 4.89-2+deb9u7, 4.89-3, 4.89-4, 4.89-5, 4.89-6, 4.89-7, 4.89-8, 4.89-9, 4.89-10, 4.89-11, 4.89-12, 4.89-13, 4.89~RC1-1, 4.89~RC2-1, 4.89~RC3-1, 4.89~RC4-1, 4.89~RC5-1, 4.89~RC6-1, 4.89~RC7-1, 4.90-1, 4.90-2, 4.90-3, 4.90-4, 4.90-5, 4.90-6, 4.90-7, 4.90.1-1, 4.90.1-2, 4.90.1-3, 4.90.1-4, 4.90.1-4~bpo9+1, 4.90.1-5, 4.90.1-5~bpo9+1, 4.90~RC1-1, 4.90~RC2-1, 4.90~RC2-2, 4.90~RC2-3, 4.90~RC3-1, 4.90~RC3-2, 4.90~RC4-1, 4.91-1, 4.91-2, 4.91-2~bpo9+1, 4.91-3, 4.91-3~bpo9+1, 4.91-4, 4.91-4~bpo9+1, 4.91-5, 4.91-5~bpo9+1, 4.91-6, 4.91-6~bpo9+1, 4.91-7, 4.91-7~bpo9+1, 4.91-8, 4.91-8~bpo9+1, 4.91-9, 4.91-9~bpo9+1, 4.91~RC1-1, 4.91~RC2-1, 4.91~RC3-1, 4.91~RC4-1, 4.92, 4.92-1, 4.92-2, 4.92-2~bpo9+1, 4.92-3, 4.92-4, 4.92-5, 4.92-6, 4.92-7, 4.92-7~bpo9+1, 4.92-8, 4.92-8+deb10u1, 4.92-8+deb10u1~bpo9+1, 4.92-8+deb10u2, 4.92-8+deb10u2~bpo9+1, 4.92-8+deb10u3, 4.92-8+deb10u3~bpo9+1, 4.92-8+deb10u4, 4.92-8~bpo9+1, 4.92-9, 4.92-10, 4.92.1-1, 4.92.1-2, 4.92.1-3, 4.92.2-1, 4.92.2-2, 4.92.2-3, 4.92.3-1, 4.92~RC1-1, 4.92~RC2-1, 4.92~RC3-1, 4.92~RC4-1, 4.92~RC4-2, 4.92~RC4-3, 4.92~RC5-1, 4.92~RC5-2, 4.92~RC6-1, 4.93, 4.93-1, 4.93-2, 4.93-3, 4.93-4, 4.93-5, 4.93-6, 4.93-7, 4.93-8, 4.93-9, 4.93-10, 4.93-11, 4.93-12, 4.93-12~bpo10+1, 4.93-13, 4.93-13~bpo10+1, 4.93-14, 4.93-14~bpo10+1, 4.93-15, 4.93-15~bpo10+1, 4.93-16, 4.93-16~bpo10+1, 4.93~RC0-1, 4.93~RC0-2, 4.93~RC1-1, 4.93~RC1-2, 4.93~RC1-3, 4.93~RC1-4, 4.93~RC2-1, 4.93~RC3-1, 4.93~RC4-1, 4.93~RC5-1, 4.93~RC5-1+hurd.1, 4.93~RC7-1, 4.94, 4.94-1, 4.94-7, 4.94-7~bpo10+1, 4.94-8, 4.94-8~bpo10+1, 4.94-9, 4.94-9~bpo10+1, 4.94-10, 4.94~RC0-1, 4.94~RC0-2, 4.94~RC1-1, 4.94~RC2-1.
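The summary names spool_read_header() as the parsing point, and the Exim write-up listed under References is titled FGETS. The C program below is an added illustration of the general failure mode that name points at; it is not Exim's code and does not reproduce Exim's spool format. It reads lines with fgets() into a fixed-size buffer and, in the naive variant, treats every returned chunk as a complete line, so an over-long line is split and its tail is parsed as a fresh line the writer never put in the file. The spool-style input, the `-ident` and `-trusted` flag names and the 16-byte buffer are constructed for the demonstration; `fmemopen()` (POSIX) stands in for an on-disk spool file.

```c
#define _POSIX_C_SOURCE 200809L   /* for fmemopen() */
#include <stdio.h>
#include <string.h>

/* Deliberately small so the truncation is easy to see. A real reader would use
 * a much larger buffer, but the failure mode is identical for any fixed size. */
#define LINE_BUF 16
#define MAX_LINES 8

/* Constructed sample input (not a real spool file): two lines, the second of
 * which is longer than LINE_BUF-1 bytes and carries a fake "-trusted yes"
 * flag inside the -ident value. */
static const char SAMPLE[] =
    "-from alice\n"
    "-ident AAAAAAAA-trusted yes\n";

static void chomp(char *s) {
    size_t n = strlen(s);
    if (n && s[n - 1] == '\n') s[n - 1] = '\0';
}

/* Naive reader: every fgets() result is taken to be one header line. When a
 * line exceeds LINE_BUF-1 bytes, fgets() hands it back in pieces and each
 * piece is parsed as if it were a separate line. Returns the line count. */
int read_lines_naive(const char *data, char out[][LINE_BUF], int max) {
    FILE *fp = fmemopen((void *)data, strlen(data), "r");
    int n = 0;
    if (!fp) return -1;
    while (n < max && fgets(out[n], LINE_BUF, fp)) {
        chomp(out[n]);
        n++;
    }
    fclose(fp);
    return n;
}

/* Hardened reader: a chunk that does not end in '\n' means the line did not
 * fit the buffer (or the file is unterminated). Reject the whole input rather
 * than continue from the middle of a line. Returns count, or -1 if rejected. */
int read_lines_strict(const char *data, char out[][LINE_BUF], int max) {
    FILE *fp = fmemopen((void *)data, strlen(data), "r");
    int n = 0;
    if (!fp) return -1;
    while (n < max && fgets(out[n], LINE_BUF, fp)) {
        if (!strchr(out[n], '\n')) { fclose(fp); return -1; }
        chomp(out[n]);
        n++;
    }
    fclose(fp);
    return n;
}

/* Number of header lines each reader produces for `data`; -1 if rejected. */
int line_count(const char *data, int strict) {
    char lines[MAX_LINES][LINE_BUF];
    return strict ? read_lines_strict(data, lines, MAX_LINES)
                  : read_lines_naive(data, lines, MAX_LINES);
}

/* Whether a line beginning with `flag` was seen: 1 = yes, 0 = no, -1 = input
 * rejected. With the naive reader, "-trusted" appears although no line in
 * SAMPLE starts with it. */
int flag_seen(const char *data, int strict, const char *flag) {
    char lines[MAX_LINES][LINE_BUF];
    int n = strict ? read_lines_strict(data, lines, MAX_LINES)
                   : read_lines_naive(data, lines, MAX_LINES);
    if (n < 0) return -1;
    for (int i = 0; i < n; i++)
        if (strncmp(lines[i], flag, strlen(flag)) == 0) return 1;
    return 0;
}

int main(void) {
    char lines[MAX_LINES][LINE_BUF];
    int n = read_lines_naive(SAMPLE, lines, MAX_LINES);
    printf("naive reader saw %d lines:\n", n);
    for (int i = 0; i < n; i++) printf("  [%d] %s\n", i, lines[i]);
    printf("strict reader result: %d (negative = input rejected)\n",
           read_lines_strict(SAMPLE, lines, MAX_LINES));
    return 0;
}
```

The strict reader refuses any chunk that does not end in a newline instead of resuming where the truncated line left off; an alternative fix is to read whole lines with getline() so the buffer grows to fit before parsing. Either way the check belongs in the reader, because a downstream parser has no way to tell a split tail from a legitimate line.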
Vulnerability Advisory
The vendor has released an update that fixes this vulnerability; it is available at:
https://ubuntu.com/security/notices/USN-4934-1
References
Source: MISC
Link: https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28026-FGETS.txt
Source: www.cybersecurity-help.cz
Link: https://www.cybersecurity-help.cz/vdb/SB2021050421
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/162475/Gentoo-Linux-Security-Advisory-202105-01.html
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.1562
Source: vigilance.fr
Link: https://vigilance.fr/vulnerability/Exim-multiple-vulnerabilities-35237
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.1512
Affected Entities
None listed
Patches
- Fix for the Exim argument injection vulnerability (2021-05-04)