Ubuntu Security Notice: USN-2016-1234-1 Exim Privilege Escalation Risk
Mar 10, 2016
•
LinuxSecurity Advisories
1 min read
Topics Covered
The package exim before version 4.86.2-2 is vulnerable to privilege escalation.
Arch Linux Security Advisory ASA-201603-8 ======================================== Severity: High Date : 2016-03-10 CVE-ID : CVE-2016-1531 Package : exim Type : privilege escalation Remote : No Link : https://wiki.archlinux.org/title/CVE Summary ====== The package exim before version 4.86.2-2 is vulnerable to privilege escalation. Resolution ========= Upgrade to 4.86.2-2. # pacman -Syu "exim>=4.86.2-2" The problem has been fixed upstream in version 4.86.2. Workaround ========= None. Description ========== All installations having Exim set-uid root and using 'perl_startup' are vulnerable to a local privilege escalation. Any user who can start an instance of Exim (and this is normally *any* user) can gain root privileges. Impact ===== A local attacker is able to use a privilege escalation vulnerability to gain root privileges. References ========= https://www.exim.org/static/doc/CVE-2016-1531.txt https://access.redhat.com/security/cve/CVE-2016-1531
PREVIOUS
NEXT
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!