Exim: Multiple vulnerabilities

Multiple vulnerabilities have been found in Exim, the worst of which allows remote attackers to execute arbitrary code.

Package: exim
Announced: 2021-05-04
Revised: 2021-05-04
Bug: 786945
Access: local, remote
Unaffected versions: >= 4.94.2
Vulnerable versions: < 4.94.2

Exim is a message transfer agent (MTA) designed to be a highly configurable, drop-in replacement for sendmail.

Multiple vulnerabilities have been discovered in Exim. Please review the CVE identifiers referenced below for details.

A remote attacker, by connecting to the SMTP listener daemon, could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition. Furthermore, a local attacker could perform symlink attacks to overwrite arbitrary files with the privileges of the user running the application or escalate privileges.

There is no known workaround at this time.

All Exim users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-mta/exim-4.94.2"

References:

CVE-2020-28007
CVE-2020-28008
CVE-2020-28009
CVE-2020-28010
CVE-2020-28011
CVE-2020-28012
CVE-2020-28013
CVE-2020-28014
CVE-2020-28015
CVE-2020-28016
CVE-2020-28017
CVE-2020-28018
CVE-2020-28019
CVE-2020-28020
CVE-2020-28021
CVE-2020-28022
CVE-2020-28023
CVE-2020-28024
CVE-2020-28025
CVE-2020-28026
CVE-2021-27216

whissi whissi