SB2011012801 - Two privilege escalation vulnerabilities in Exim

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2011012801

SB2011012801 - Two privilege escalation vulnerabilities in Exim

Published: January 28, 2011

Security Bulletin ID SB2011012801
Severity
Low
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Local access
Highest impact Data manipulation

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Privilege escalation (CVE-ID: CVE-2011-0017)

The vulnerability allows a local user to escalate privileges on the vulnerable system.

The vulnerability exists due to Exim implementation on Linux system does not check return values from the setuid()/setgid() system calls. A local user can execute arbitrary commands on the system with root privileges.

Successful exploitation of this vulnerability will allow a local user to gain root privileges on the system.


2) Privilege escalation (CVE-ID: CVE-2010-4345)

The vulnerability allows a local user to escalate privileges on vulnerable system.

The vulnerability exists due to design error in Exim, when allowing local users to load arbitrary configuration file via the "spool_directory" directive. A local user can specify an alternate configuration file with a directive that contains arbitrary commands and execute arbitrary commands on the system with root privileges.

Successful exploitation of this vulnerability will allow a local user to gain root privileges on the system.


Remediation

Install update from vendor's website.

References