Explore top 10 tips to secure your open-source projects now. Read More
×
Arch Linux Security Advisory ASA-201603-8 ======================================== Severity: High Date : 2016-03-10 CVE-ID : CVE-2016-1531 Package : exim Type : privilege escalation Remote : No Link : https://wiki.archlinux.org/title/CVE Summary ====== The package exim before version 4.86.2-2 is vulnerable to privilege escalation. Resolution ========= Upgrade to 4.86.2-2. # pacman -Syu "exim>=4.86.2-2" The problem has been fixed upstream in version 4.86.2. Workaround ========= None. Description ========== All installations having Exim set-uid root and using 'perl_startup' are vulnerable to a local privilege escalation. Any user who can start an instance of Exim (and this is normally *any* user) can gain root privileges. Impact ===== A local attacker is able to use a privilege escalation vulnerability to gain root privileges. References ========= https://www.exim.org/static/doc/CVE-2016-1531.txt https://access.redhat.com/security/cve/CVE-2016-1531