Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 584
Alerts This Week
Warning Icon 1 584

Gentoo: Critical Local Root Vulnerability in Exim 200212-5 Exploit

gentoo
Calendar Grey December 16, 2002
Scroller Gentoo
- -------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNC
There is a format string bug in exim.

Summary


- --------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200212-5
- --------------------------------------------------------------------
DATE    : 2002-12-16 16:12 UTC

- --------------------------------------------------------------------
From advisory:
"This is a format string bug in daemon.c, line 976:
sprintf(CS buff, CS pid_file_path, ""); /* Backward compatibility */
pid_file_path can be changed on the command line. This line is in the function daemon_go(), which only gets executed when the user is an exim-admin-user."
Read the full advisory at http://marc.theaimsgroup.com/?l=bugtraq&m=103903403527788&w=2
SOLUTION
It is recommended that all Gentoo Linux users who are running net-mail/exim-4.05 and earlier update their systems as follows:
emerge rsync emerge exim emerge clean
- ----------...

Read the Full Advisory

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Severity
critical
Lowest
Low
Medium
High
Critical

PACKAGE : exim
SUMMARY : local root vulnerability
EXPLOIT : local

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround