A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of the recipient address in the deliver_message() function in /src/deliver.c may lead to remote command execution. (CVE-2019-10149)
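Because the advisory defines exposure purely by an inclusive upstream version window, the first triage step on a fleet is usually a version check against `exim --version` banners. The following is an added example written for this page, not code from the advisory or the Exim project; the banner strings are constructed samples, and the host names and the `triage` helper are illustrative. It compares versions as integer tuples so that 4.9, 4.87 and 4.91 order correctly, which a string or float comparison would not.

```python
import re

# Inclusive vulnerable range for CVE-2019-10149, as stated in the advisory text.
VULNERABLE_MIN = (4, 87)
VULNERABLE_MAX = (4, 91)

# First line of `exim --version` starts with "Exim version MAJOR.MINOR ..."
_VERSION_RE = re.compile(r"Exim version (\d+)\.(\d+)")


def parse_exim_version(banner: str):
    """Extract (major, minor) from an Exim version banner.

    Returns None when the text carries no Exim version string
    (for example, a host running a different MTA).
    """
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)))


def is_vulnerable_version(version) -> bool:
    """Inclusive range test on (major, minor) tuples.

    Tuple comparison keeps 4.9 < 4.87 <= 4.91 < 4.92, whereas comparing
    "4.9" and "4.87" as strings or floats would misorder them.
    """
    return VULNERABLE_MIN <= version <= VULNERABLE_MAX


def check_banner(banner: str) -> str:
    """Classify one banner as 'vulnerable', 'not-in-range' or 'unknown'."""
    v = parse_exim_version(banner)
    if v is None:
        return "unknown"
    return "vulnerable" if is_vulnerable_version(v) else "not-in-range"


# Constructed sample banners for demonstration; not captured from real hosts.
SAMPLE_BANNERS = {
    "host-a": "Exim version 4.91 #1 built 01-Jan-2019 12:00:00",
    "host-b": "Exim version 4.92 #3 built 01-Jan-2019 12:00:00",
    "host-c": "Exim version 4.86 #2 built 01-Jan-2019 12:00:00",
    "host-d": "Exim version 4.87 #1 built 01-Jan-2019 12:00:00",
    "host-e": "sendmail 8.15.2",
}


def triage(banners: dict) -> dict:
    """Map each host name to its verdict for the advisory's version window."""
    return {host: check_banner(text) for host, text in banners.items()}


if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_BANNERS).items():
        print(f"{host}: {verdict}")
```

Treat a "vulnerable" verdict as a lead, not a conclusion: distributions routinely backport security fixes without changing the upstream version number, so a host reporting 4.89 may already carry the fix in its package changelog. Confirm against the distribution's package version and changelog before closing the finding either way.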
I have written a local privilege escalation exploit for “The Return of the WIZard” vulnerability recently reported by the Qualys Security Advisory team. It’s Debian-specific; however, it should be fairly easy to adapt it to other distributions.
The exploit can be downloaded from: