Exim – Math Comparison Functions Local Command Execution

Exim contains a flaw in the expansion of arguments to math comparison functions, which can result in the values being doubled.

The end result is that an attacker can perform a local command execution if they are able to perform a look-up using Exim against files that they can edit. In some cases, such as Exim being bundled with cPanel, the local command execution can actually lead to a root compromise as the Exim look-up is being done by the root user.

Impact:

We have deemed this vulnerability to be rated as HIGH due to the fact that a user can perform local commands under certain circumstances.

Vulnerable Version:

This vulnerability was tested against Exim 4.82 and is believed to exist in all previous versions.

Fixed Version:

This vulnerability was patched in Exim 4.83.

source:Rack 911