Privilege escalation vulnerability in Exim MTA



Published: 2016-03-03
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2016-1531
CWE-ID CWE-250
CWE-676
Exploitation vector Local
Public exploit Public exploit code for vulnerability #1 is available.
Vulnerable software
Subscribe
Vendor

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Default set-uid root for perl_startup script

EUVDB-ID: #VU34

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2016-1531

CWE-ID: CWE-250 - Execution with Unnecessary Privileges

Exploit availability: Yes

Description

The vulnerability allows a local user to obtain elevated privileges.

The vulnerability exists due to improper default permission for "perl_startup" startup script, which has set-uid root bit. A local user can obtain root privileges on the system.

Successful exploitation of this vulnerability will allow the local attacker to obtain elevated privileges and execute arbitrary commands as root.

Mitigation

Install the latest version Exim 4.84.2, 4.85.2 or 4.86.2.

Vulnerable software versions
CPE2.3
External links

http://lists.exim.org/lurker/message/20160302.191005.a72d8433.en.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###