CVE-2006-1251
EPSS 0.69%
Description
Argument injection vulnerability in greylistclean.cron in sa-exim 4.2 allows remote attackers to delete arbitrary files via an email with a To field that contains a filename separated by whitespace, which is not quoted when greylistclean.cron provides the argument to the rm command.
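The quoting flaw described above, shown as an added example that is not code from sa-exim or greylistclean.cron: the same cleanup step with the filename expanded unquoted and then quoted. The helper names, the scratch directory and the file names are constructed for illustration.

```shell
#!/bin/sh
# Constructed illustration: clean_unquoted and clean_quoted are hypothetical
# helpers, not code from sa-exim's greylistclean.cron.

# Weak form: $2 is expanded unquoted, so the shell splits it on whitespace
# and rm receives each piece as a separate path argument.
clean_unquoted() {
    ( cd "$1" && rm -f $2 )
}

# Hardened form: quoting keeps the value as a single argument, and "--" ends
# option parsing so a value starting with "-" is never read as a flag.
clean_quoted() {
    ( cd "$1" && rm -f -- "$2" )
}

# Scratch directory with a tracking file whose name contains a space and an
# unrelated file that cleanup must never touch.
make_fixture() {
    dir=$(mktemp -d) || return 1
    : > "$dir/entry keep.txt"
    : > "$dir/keep.txt"
    printf '%s\n' "$dir"
}

# One-line summary of which fixture files still exist.
survivors() {
    out=""
    [ -e "$1/entry keep.txt" ] && out="$out tracking"
    [ -e "$1/keep.txt" ] && out="$out unrelated"
    printf '%s\n' "${out# }"
}

# Run one cleanup variant ("unquoted" or "quoted") against a fresh fixture.
demo() {
    d=$(make_fixture) || return 1
    clean_"$1" "$d" "entry keep.txt"
    survivors "$d"
    rm -rf -- "$d"
}

demo unquoted   # the unrelated file is deleted, the tracking file is left behind
demo quoted     # only the tracking file is deleted
```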
How to fix CVE-2006-1251
To remediate CVE-2006-1251, upgrade the affected package to the fixed version listed below.
- Debian/sa-exim—upgrade to 4.2.1-1 or later
Is CVE-2006-1251 being exploited?
Low — EPSS is 0.7%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 4.2.1-1