Scroll Top

Exim – Math Comparison Functions Local Command Execution

July 25, 2014

Exim contains a flaw in the expansion of arguments to math comparison functions, which can result in the values being doubled.

The end result is that an attacker can perform a local command execution if they are able to perform a look-up using Exim against files that they can edit. In some cases, such as Exim being bundled with cPanel, the local command execution can actually lead to a root compromise as the Exim look-up is being done by the root user.

Impact:

We have deemed this vulnerability to be rated as HIGH due to the fact that a user can perform local commands under certain circumstances.

Vulnerable Version:

This vulnerability was tested against Exim 4.82 and is believed to exist in all previous versions.

Fixed Version:

This vulnerability was patched in Exim 4.83.

source:Rack 911

Join Our Online Security and Hosting Newsletter Today

and stay updated with the latest news, updates, releases & much more.
Subscribe
SUBSCRIBE NOW
We respect your privacy.

Related Posts

Critical Exim Security Vulnerability

A remote code execution vulnerability has been reported in Exim, with immediate public disclosure (we were given no private notice). A tentative patch exists but has not yet been confirmed. Exim is a widely used mail transfer agent used on Unix-like operating systems. Join Our Online Security and Hosting…

25 Nov 2017
Exim CVE-2019-10149

A critical remote command execution (RCE) security flaw impacts over half of the Internet’s email servers running Exim, security researchers have revealed today. CVE-2019-10149 was discovered by Qualys researchers. It is a remote command execution vulnerability that is exploitable instantly by a local attacker and by a remote attacker…

08 Jun 2019

Join Our Online Security and Hosting Newsletter Today

and stay updated with the latest news, updates, releases & much more.
Subscribe
SUBSCRIBE NOW
We respect your privacy.
close-link
Our website uses cookies from third party services to improve your browsing experience. Read more about this and how you can control cookies by clicking "Privacy Preferences".
Privacy Preferences
When you visit our website, it may store information through your browser from specific services, usually in form of cookies. Here you can change your privacy preferences. Please note that blocking some types of cookies may impact your experience on our website and the services we offer.
Privacy Policy
You have read and agreed to our privacy policy
Required
Privacy Policy Cookies Policy