What Are You Looking For?

Sign Up

- --------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200212-5
- --------------------------------------------------------------------

PACKAGE : exim
SUMMARY : local root vulnerability
DATE    : 2002-12-16 16:12 UTC
EXPLOIT : local

- --------------------------------------------------------------------

From advisory:

"This is a format string bug in daemon.c, line 976:

sprintf(CS buff, CS pid_file_path, "");   /* Backward compatibility */

pid_file_path can be changed on the command line.
This line is in the function daemon_go(), which only
gets executed when the user is an exim-admin-user."

Read the full advisory at 
https://marc.theaimsgroup.com/?l=bugtraq&m=103903403527788&w=2

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-mail/exim-4.05 and earlier update their systems as follows:

emerge rsync
emerge exim
emerge clean

- --------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at raker@gentoo.org
- --------------------------------------------------------------------

Gentoo: exim local root vulnerability

There is a format string bug in exim.

Summary


- --------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200212-5
- --------------------------------------------------------------------
DATE    : 2002-12-16 16:12 UTC

- --------------------------------------------------------------------

From advisory:

"This is a format string bug in daemon.c, line 976:

sprintf(CS buff, CS pid_file_path, "");   /* Backward compatibility */

pid_file_path can be changed on the command line.
This line is in the function daemon_go(), which only
gets executed when the user is an exim-admin-user."

Read the full advisory at 
https://marc.theaimsgroup.com/?l=bugtraq&m=103903403527788&w=2

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-mail/exim-4.05 and earlier update their systems as follows:

emerge rsync
emerge exim
emerge clean

- --------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at raker@gentoo.org
- --------------------------------------------------------------------

Resolution

References

Availability

Concerns

Severity
PACKAGE : exim
SUMMARY : local root vulnerability
EXPLOIT : local

Synopsis

Background

Affected Packages

Impact

Workaround

Related News

When Betting on Linux Security, Look at the Big Picture

Aug 29, 2023

New SkidMap Malware Attacking Wide Range of Linux Distributions

Aug 8, 2023

Linux kCFI/FineIBT Weaknesses Addressed By Rewriting Some Assembly In C

Jul 17, 2023

Notorious Downfall & Inception Microcode Info Disclosure Vulns Fixed

Aug 24, 2023

News

Advisories

HOWTOs

Features

Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024
Cloud Security Basics for Small Businesses
Scanning and Defending Networks with Nmap
CISA Issues Urgent Warning Over Active Exploitation of Looney Tunables glibc Bug

About Us

Powered By

Footer Logo