CVE-2019-10149 exploit: local privilege escalation on Debian GNU/Linux via Exim

A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of the recipient address in the deliver_message() function in /src/deliver.c may lead to remote command execution. (CVE-2019-10149)

I have written a local privilege escalation exploit for “The Return of the WIZard” vulnerability recently reported by the Qualys Security Advisory team. It’s Debian-specific; however, it should be fairly easy to adapt it to other distributions.

The exploit can be downloaded from:

https://github.com/0xdea/exploits/blob/master/linux/raptor_exim_wiz

Happy hacking!