Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

Gentoo: 202105-01 High: Exim Remote Code Execution Risk

gentoo
Calendar Grey May 4, 2021
Dist Gentoo Esm H88
Critical Alert for Gentoo: Various Exim Flaws Permit Remote Code Execution and Service Disruption.
Multiple vulnerabilities have been found in Exim, the worst of which allows remote attackers to execute arbitrary code.

Summary

Multiple vulnerabilities have been discovered in Exim. Please review the CVE identifiers referenced below for details.

Topics%20covered

Topics Covered

security advisory high severity gentoo denial service exim remote execution codex

Resolution

All Exim users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=mail-mta/exim-4.94.2"

References

[ 1 ] CVE-2020-28007 https://nvd.nist.gov/vuln/detail/CVE-2020-28007 [ 2 ] CVE-2020-28008 https://nvd.nist.gov/vuln/detail/CVE-2020-28008 [ 3 ] CVE-2020-28009 https://nvd.nist.gov/vuln/detail/CVE-2020-28009 [ 4 ] CVE-2020-28010 https://nvd.nist.gov/vuln/detail/CVE-2020-28010 [ 5 ] CVE-2020-28011 https://nvd.nist.gov/vuln/detail/CVE-2020-28011 [ 6 ] CVE-2020-28012 https://nvd.nist.gov/vuln/detail/CVE-2020-28012 [ 7 ] CVE-2020-28013 https://nvd.nist.gov/vuln/detail/CVE-2020-28013 [ 8 ] CVE-2020-28014 https://nvd.nist.gov/vuln/detail/CVE-2020-28014 [ 9 ] CVE-2020-28015 https://nvd.nist.gov/vuln/detail/CVE-2020-28015 [ 10 ] CVE-2020-28016 https://nvd.nist.gov/vuln/detail/CVE-2020-28016 [ 11 ] CVE-2020-28017 https://nvd.nist.gov/vuln/detail/CVE-2020-28017 [ 12 ] CVE-2020-28018 https://nvd.nist.gov/vuln/detail/CVE-2020-28018 [ 13 ] CVE-2020-28019 https://nvd.nist.gov/vuln/detai...

Read the Full Advisory

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202105-01
style>.gentoo_availability{display:block;}

Concerns

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

Severity: High
Title: Exim: Multiple vulnerabilities
Date: May 04, 2021
Bugs: #786945
ID: 202105-01

Topics%20covered

Topics Covered

security advisory high severity gentoo denial service exim remote execution codex

Synopsis

Multiple vulnerabilities have been found in Exim, the worst of which allows remote attackers to execute arbitrary code.

Background

Exim is a message transfer agent (MTA) designed to be a a highly configurable, drop-in replacement for sendmail.

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 mail-mta/exim < 4.94.2 >= 4.94.2

Impact

===== A remote attacker, by connecting to the SMTP listener daemon, could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition. Furthermore, a local attacker could perform symlink attacks to overwrite arbitrary files with the privileges of the user running the application or escalate privileges.

Workaround

There is no known workaround at this time.

Your message here