Vendor Solution

The vulnerability has been patched in version 4.92, which is currently available.

In addition, the maintainers for Exim have announced a public fix for the vulnerability which can be backported to all affected versions (4.87 - 4.91), although these are now technically said to be no longer officially supported.

Trend Micro Recommendation and Solutions

As with any vulnerability, Trend Micro highly recommends that users apply all critical patches and fixes that vendors provide for security issues as soon as possible. These patches will provide the strongest level of defense against any potential attacks.

Since this vulnerability potentially impacts a critical component in many environments (MTA) - it is strongly recommended that patches or upgrades are applied as quickly as possible.

Fortunately, Trend Micro has analyzed the information to see if proactive protection rules and filters may be created to help protect against potential attacks, and has deployed the following:

Product	Protection Type	Identifier
Deep Security	Intrusion Prevention Rule	1009797 - Exim 'deliver_message' Command Injection Vulnerability (CVE-2019-10149)
TippingPoint	DigitalVaccine (DV) Filter	35520: SMTP: Exim Internet Mailer Command Injection Vulnerability
Anti-Malware Products	Pattern File Detection	Trojan.SH.MIXBASH.A

As previously mentioned, there is now news of an active Linux worm exploiting this particular vulnerability which makes getting protection in place as soon as possible critical. Trend Micro is actively monitoring and researching to ensure protection against these new exploits are in place.

Reference(s)

SECURITY ALERT: Remote Code Execution (RCE) Vulnerability in Exim MTA (CVE-2019-10149)

Product / Version includes:

Deep Security All

Last updated: 2025/05/08

Solution ID: KA-0009425

Category: Upgrade , Update

Summary

Updated on June 19, 2019 - New detection information added

On June 3, 2019, some information came to light about a critical vulnerability (CVE-2019-10149) in the popular mail transfer agent (MTA) Exim on the Open Source Security (OSS) mailing list which highlighted a remote code execution (RCE) vulnerability in versions 4.87 through 4.91.

On June 14, 2019, it was also reported by Microsoft MSRC that an active Linux worm leveraging this vulnerability may be in the wild.

Trend Micro also has a more indepth blog on the issue here: Hacker Groups Pounce on Millions of Vulnerable Exim Servers.

Please note, this is not a Trend Micro specific vulnerability.

Vendor Solution

The vulnerability has been patched in version 4.92, which is currently available.

Trend Micro Recommendation and Solutions

Since this vulnerability potentially impacts a critical component in many environments (MTA) - it is strongly recommended that patches or upgrades are applied as quickly as possible.

Fortunately, Trend Micro has analyzed the information to see if proactive protection rules and filters may be created to help protect against potential attacks, and has deployed the following:

Product	Protection Type	Identifier
Deep Security	Intrusion Prevention Rule	1009797 - Exim 'deliver_message' Command Injection Vulnerability (CVE-2019-10149)
TippingPoint	DigitalVaccine (DV) Filter	35520: SMTP: Exim Internet Mailer Command Injection Vulnerability
Anti-Malware Products	Pattern File Detection	Trojan.SH.MIXBASH.A

Reference(s)

Was this article helpful?

Featured

Automation Center

Education Portal

Online Help Center

Service Status

TrendConnect

SECURITY ALERT: Remote Code Execution (RCE) Vulnerability in Exim MTA (CVE-2019-10149)

Vendor Solution

Trend Micro Recommendation and Solutions

Reference(s)

SECURITY ALERT: Remote Code Execution (RCE) Vulnerability in Exim MTA (CVE-2019-10149)

Product / Version includes:

Summary

Vendor Solution

Trend Micro Recommendation and Solutions

Reference(s)