#VU34 Default set-uid root for perl_startup script - CVE-2016-1531

 

Published: June 28, 2016 / Updated: September 14, 2018


Vulnerability identifier: #VU34
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Clear
CVE-ID: CVE-2016-1531
CWE-ID: CWE-676
Exploitation vector: Local access
Exploit availability: Public exploit is available
Vulnerable software:
Software vendor:

Description

The vulnerability allows a local user to obtain elevated privileges.

The vulnerability exists due to improper default permissions for the "perl_startup" startup script, which has the set-uid root bit set. A local user can obtain root privileges on the system.

Successful exploitation of this vulnerability will allow the local attacker to obtain elevated privileges and execute arbitrary commands as root.


Remediation

Install the latest version of Exim: 4.84.2, 4.85.2 or 4.86.2.
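
To confirm a host against the remediation above, the following added example (not vendor or Exim project code) compares the installed version with the fixed releases and reports whether the binary is set-uid root. It assumes the set-uid root file in question is the Exim binary found on PATH, that branches after 4.86 carry the fix, and that branches before 4.84 do not; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: local audit for CVE-2016-1531. Constructed for this page.

# exim_is_fixed VERSION -> 0 if at/above the fixed release of its branch
# (4.84.2, 4.85.2, 4.86.2), 1 if below, 2 if unparseable.
# Assumption: branches after 4.86 carry the fix, branches before 4.84 do not.
exim_is_fixed() {
    v=$(printf '%s' "$1" | tr '_' '.')   # Exim prints 4.86.2 or 4.86_2
    case "$v" in
        *[!0-9.]*|''|.*|*.|*..*) return 2 ;;
        *.*) ;;
        *) return 2 ;;
    esac
    major=${v%%.*}; rest=${v#*.}; minor=${rest%%.*}
    case "$rest" in
        *.*) patch=${rest#*.}; patch=${patch%%.*} ;;
        *)   patch=0 ;;
    esac
    [ "$major" -gt 4 ] && return 0
    [ "$major" -lt 4 ] && return 1
    [ "$minor" -gt 86 ] && return 0
    [ "$minor" -lt 84 ] && return 1
    [ "$patch" -ge 2 ]
}

# is_setuid_root FILE -> 0 if FILE has the set-uid bit and is owned by uid 0.
is_setuid_root() {
    [ -u "$1" ] && [ "$(ls -Lnd "$1" | awk '{print $3}')" = 0 ]
}

# audit_exim [BINARY] -> prints a one-host report; always returns 0.
audit_exim() {
    bin=$(command -v "${1:-exim}" 2>/dev/null) || { echo "exim not found"; return 0; }
    ver=$("$bin" -bV 2>/dev/null | sed -n 's/^Exim version \([0-9._]*\).*/\1/p' | head -n 1)
    if exim_is_fixed "$ver"; then state="fixed"; else state="not fixed or unknown"; fi
    if is_setuid_root "$bin"; then suid="set-uid root"; else suid="not set-uid root"; fi
    echo "$bin: version ${ver:-unknown} ($state), $suid"
    # -bP prints one main-configuration option; fails if Perl support is absent.
    echo "perl_startup: $("$bin" -bP perl_startup 2>/dev/null || echo 'not available')"
    return 0
}

audit_exim
```

On systems where the binary is installed under another name, pass it as the argument, for example `audit_exim exim4`.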

External links