SB2011052404 - Fedora EPEL 6 update for exim




Published: May 24, 2011 Updated: April 24, 2025

Security Bulletin ID: SB2011052404
Severity: High
Patch available: YES
Number of vulnerabilities: 4
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High 25% Medium 25% Low 50%

Description

This security bulletin contains information about 4 security vulnerabilities.


1) Input validation error (CVE-ID: CVE-2011-1407)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or access a filesystem via a crafted identity.


2) Use of externally-controlled format string (CVE-ID: CVE-2011-1764)

The vulnerability allows a remote attacker to cause a DoS condition or execute arbitrary code on the target system.

The weakness exists in the dkim_exim_verify_finish function in src/dkim.c due to use of an externally-controlled format string. A remote attacker can cause the service to crash or execute arbitrary code via format string specifiers in data used in DKIM logging, as demonstrated by an identity field containing a % (percent) character.

Successful exploitation of the vulnerability may result in system compromise.
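
The format-string weakness described in item 2, as an added C example that is not Exim's code and not part of the original bulletin. The function names log_format, log_identity_unsafe and log_identity_safe are hypothetical, and the identity value is constructed sample input.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style log writer. It formats into a caller-supplied
   buffer so the result can be inspected. Declaring such a function with
   __attribute__((format(printf, 3, 4))) lets GCC/Clang flag the unsafe
   call below under -Wformat-security. */
static int log_format(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
    return n;
}

/* Vulnerable pattern, shown for contrast and never called here: the
   sender-controlled identity becomes the format string, so every '%'
   directive in it is interpreted against arguments that do not exist. */
int log_identity_unsafe(char *out, size_t outlen, const char *identity)
{
    return log_format(out, outlen, identity);
}

/* Hardened pattern: the format string is a constant and the identity is
   passed only as data. Returns the length written, or -1 on error or
   truncation so a partial log line is never mistaken for a complete one. */
int log_identity_safe(char *out, size_t outlen, const char *identity)
{
    int n = log_format(out, outlen, "DKIM: identity=%s", identity);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    return n;
}

int main(void)
{
    /* Constructed sample: an identity containing format directives. */
    const char *identity = "%s%x@example.test";
    char line[128];

    if (log_identity_safe(line, sizeof line, identity) < 0)
        return 1;
    puts(line);
    return 0;
}
```

With the constant format string, the percent characters in the identity reach the log unchanged instead of being interpreted.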

3) Privilege escalation (CVE-ID: CVE-2011-0017)

The vulnerability allows a local user to escalate privileges on the vulnerable system.

The vulnerability exists because the Exim implementation on Linux systems does not check the return values of the setuid()/setgid() system calls. A local user can execute arbitrary commands on the system with root privileges.

Successful exploitation of this vulnerability will allow a local user to gain root privileges on the system.


4) Privilege escalation (CVE-ID: CVE-2010-4345)

The vulnerability allows a local user to escalate privileges on the vulnerable system.

The vulnerability exists due to a design error in Exim, which allows local users to load an arbitrary configuration file via the "spool_directory" directive. A local user can specify an alternate configuration file with a directive that contains arbitrary commands and execute arbitrary commands on the system with root privileges.

Successful exploitation of this vulnerability will allow a local user to gain root privileges on the system.


Remediation

Install the update from the vendor's website.