Default set-uid root for perl_startup script - CVE-2016-1531

 


Published: June 28, 2016 / Updated: September 14, 2018


Vulnerability identifier: #VU34
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Clear
CVE-ID: CVE-2016-1531
CWE-ID: CWE-676
Exploitation vector: Local access
Exploit availability: Public exploit is available
Vendor:
Affected software:

Detailed vulnerability description

The vulnerability allows a local user to obtain elevated privileges.

The vulnerability exists due to improper default permissions for the "perl_startup" startup script, which has the set-uid root bit set. A local user can obtain root privileges on the system.

Successful exploitation of this vulnerability will allow the local attacker to obtain elevated privileges and execute arbitrary commands as root.


How to mitigate CVE-2016-1531

Install the latest version of Exim: 4.84.2, 4.85.2 or 4.86.2.
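
A version check against the fixed releases listed above, as an added example (not part of the original advisory or of Exim's own tooling). It assumes that a build older than the fixed release on its branch, or from a branch older than 4.84, is unpatched and that releases after 4.86.2 carry the fix; the function names and the sample banner are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify an Exim version against the fixed releases
# 4.84.2, 4.85.2 and 4.86.2 named in the advisory.
# Assumption: older builds on a branch, and branches before 4.84, are unpatched.

# Constructed sample of the first line printed by `exim -bV`.
SAMPLE_BANNER='Exim version 4.84 #2 built 01-Jan-2016 00:00:00'

# Extract the dotted version (e.g. "4.86.2") from a version banner.
exim_version_from_banner() {
    printf '%s\n' "$1" |
        sed -n 's/^Exim version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Print "patched", "unpatched" or "unknown" for a dotted version string.
exim_cve_2016_1531_status() {
    ver=$1
    case $ver in
        # Reject empty input, non-numeric characters and malformed dots.
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ver            # split into major, minor, patch
    IFS=$old_ifs
    major=$1; minor=${2:-0}; patch=${3:-0}
    if [ "$major" -gt 4 ]; then echo patched; return 0; fi
    if [ "$major" -lt 4 ]; then echo unpatched; return 0; fi
    case $minor in
        84|85|86)
            # Branches with a point release that carries the fix.
            if [ "$patch" -ge 2 ]; then echo patched; else echo unpatched; fi ;;
        *)
            # Later branches are assumed fixed, earlier ones unpatched.
            if [ "$minor" -gt 86 ]; then echo patched; else echo unpatched; fi ;;
    esac
}

# On a live host:
#   exim_cve_2016_1531_status "$(exim_version_from_banner "$(exim -bV 2>/dev/null)")"
```

Distribution packages may backport the fix without changing the upstream version number, so confirm an "unpatched" result against the vendor's package changelog.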
