Fedora EPEL 6 update for exim
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2011-1407 CVE-2011-1764 CVE-2011-0017 CVE-2010-4345 |
| CWE-ID | CWE-20 CWE-134 CWE-78 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #3 is available. Vulnerability #4 is being exploited in the wild. |
| Vulnerable software |
Fedora Operating systems & Components / Operating system exim Operating systems & Components / Operating system package or component |
| Vendor | Fedoraproject |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU45039
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2011-1407
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or access a filesystem via a crafted identity.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsFedora: 6.0
exim: before 4.72-2.el6
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2011-3406
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use of externally-controlled format string
EUVDB-ID: #VU12130
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2011-1764
CWE-ID:
CWE-134 - Use of Externally-Controlled Format String
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.
The weakness exists in the dkim_exim_verify_finish function in src/dkim.c due to use of externally-controlled format string. A remote attacker can cause the service to crash or execute arbitrary code via format string specifiers in data used in DKIM logging, as demonstrated by an identity field containing a % (percent) character.
Successful exploitation of the vulnerability may result in system compromise.
Install updates from vendor's repository.
Vulnerable software versionsFedora: 6.0
exim: before 4.72-2.el6
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2011-3406
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Privilege escalation
EUVDB-ID: #VU342
Risk: Low
CVSSv4.0: 1.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:P/U:Clear]
CVE-ID: CVE-2011-0017
CWE-ID:
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the vulnerable system.
The vulnerability exists due to Exim implementation on Linux system does not check return values from the setuid()/setgid() system calls. A local user can execute arbitrary commands on the system with root privileges.
Successful exploitation of this vulnerability will allow a local user to gain root privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsFedora: 6.0
exim: before 4.72-2.el6
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2011-3406
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
4) Privilege escalation
EUVDB-ID: #VU341
Risk: Low
CVSSv4.0: 4.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:A/U:Clear]
CVE-ID: CVE-2010-4345
CWE-ID:
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to escalate privileges on vulnerable system.
The vulnerability exists due to design error in Exim, when allowing local users to load arbitrary configuration file via the "spool_directory" directive. A local user can specify an alternate configuration file with a directive that contains arbitrary commands and execute arbitrary commands on the system with root privileges.
Successful exploitation of this vulnerability will allow a local user to gain root privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsFedora: 6.0
exim: before 4.72-2.el6
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2011-3406
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
