Exim With Dovecot Misconfiguration Remote Command Execution Vulnerability
Severity: CRITICAL
Advisory Date: JUL 21, 2015
DESCRIPTION
Dovecot, when configured with Exim as a local delivery agent, contains a flaw that is due to the program failing to properly sanitize input in the 'sender_address' parameter, which is supplied via a 'MAIL FROM' header. This may allow a remote attacker to execute arbitrary commands.
TREND MICRO PROTECTION INFORMATION
Apply associated Trend Micro DPI Rules.
SOLUTION
Trend Micro Deep Security DPI Rule Number: 1005495