Test ID: 1.3.6.1.4.1.25623.1.0.68722
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2011:0153
Summary: RedHat Security Advisory RHSA-2011:0153
Description:
The remote host is missing updates announced in
advisory RHSA-2011:0153.

Exim is a mail transport agent (MTA) developed at the University of
Cambridge for use on UNIX systems connected to the Internet.

A privilege escalation flaw was discovered in Exim. If an attacker were
able to gain access to the exim user, they could cause Exim to execute
arbitrary commands as the root user. (CVE-2010-4345)

This update adds a new configuration file, /etc/exim/trusted-configs. To
prevent Exim from running arbitrary commands as root, Exim will now drop
privileges when run with a configuration file not listed as trusted. This
could break backwards compatibility with some Exim configurations, as the
trusted-configs file only trusts /etc/exim/exim.conf and
/etc/exim/exim4.conf by default. If you are using a configuration file
not listed in the new trusted-configs file, you will need to add it
manually.

Additionally, Exim will no longer allow a user to execute exim as root with
the -D command line option to override macro definitions. All macro
definitions that require root permissions must now reside in a trusted
configuration file.

Users of Exim are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing this
update, the exim daemon will be restarted automatically.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2011-0153.html

Risk factor : High

CVSS Score: 6.9

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2010-4345
Bugtraq: 20101213 Exim security issue in historical release
http://www.securityfocus.com/archive/1/archive/1/515172/100/0/threaded
http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html
http://lists.exim.org/lurker/message/20101209.172233.abcba158.en.html
http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html
http://openwall.com/lists/oss-security/2010/12/10/1
http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format
http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/
Debian Security Information: DSA-2131
http://www.debian.org/security/2010/dsa-2131
Debian Security Information: DSA-2154
http://www.debian.org/security/2011/dsa-2154
http://www.redhat.com/support/errata/RHSA-2011-0153.html
SuSE Security Announcement: SUSE-SA:2010:059
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html
http://www.ubuntu.com/usn/USN-1060-1
CERT/CC vulnerability note: VU#758489
http://www.kb.cert.org/vuls/id/758489
BugTraq ID: 45341
http://www.securityfocus.com/bid/45341
http://www.securitytracker.com/id?1024859
http://secunia.com/advisories/42576
http://secunia.com/advisories/42930
http://secunia.com/advisories/43128
http://secunia.com/advisories/43243
http://www.vupen.com/english/advisories/2010/3171
http://www.vupen.com/english/advisories/2010/3204
http://www.vupen.com/english/advisories/2011/0135
http://www.vupen.com/english/advisories/2011/0245
http://www.vupen.com/english/advisories/2011/0364
Copyright: Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com
