CVE-2019-10149 PoC — Exim 操作系统命令注入漏洞

Source

https://github.com/cloudflare/exim-cve-2019-10149-data

Associated Vulnerability

Title:Exim 操作系统命令注入漏洞 (CVE-2019-10149)
Description:A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.

Description

Data Collection Related to Exim CVE-2019-10149

Readme

# Exim CVE Data Collection

Data Collection Related to Exim Vulnerabilities CVE-2019-10149, CVE-2019-15846, CVE-2019-16928

 - CVE Announcement: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10149
 - Exploit Details: https://www.exploit-db.com/exploits/46974
 - Issue Timeline: https://seclists.org/fulldisclosure/2019/Jun/16
 - NSA Advisory: https://media.defense.gov/2020/May/28/2002306626/-1/-1/0/CSA%20Sandworm%20Actors%20Exploiting%20Vulnerability%20in%20Exim%20Transfer%20Agent%2020200528.pdf
 - Sandworm Actor: https://malpedia.caad.fkie.fraunhofer.de/actor/sandworm
 - Pipe separated values ip|asn|country|hostnames|smtp-banner-line https://github.com/area1/exim-cve-2019-10149-data/blob/master/exim-CVE-2019-10149-vuln-banner-data.psv
 - Area 1 Security Report: https://cdn.area1security.com/reports/Area-1-Security-EximReport.pdf



## Top 10 ASN
```
73112 AS62729
27372 AS46606
16572 AS36351
12324 AS32244
 9042 AS16276
 7948 AS205275
 5079 AS14992
 4955 AS63410
 3582 AS30633
 3562 AS26496
```

## Top 10 Country
```
185006 US
 12436 GB
 12269 RO
  9130 NL
  8901 CA
  7936 VN
  5909 AU
  5833 FR
  5194 TR
  5184 DE
```

File Snapshot

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!