Exim < 4.86.2 - Privilege Escalation Vulnerability
by CIRT Team
Description:
CVE-2016-1531: Exim before 4.86.2, when installed as setuid root, allows local users to gain privileges via the perl_startup argument.
Impact: When an Exim installation has been compiled with Perl support and its configuration contains a perl_startup variable, malicious local attackers can exploit it to gain root privileges.
Mitigation: The vendor has released a patched version.
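The conditions named above (Exim older than 4.86.2, setuid root, Perl support compiled in, perl_startup configured) can be checked together on a host. The script below is an added example, not part of the original advisory or of Exim's own tooling; the function names, the sample `exim -bV` text and the configuration excerpt are constructed, and the "Support for:" line format is an assumption about the installed build.

```shell
#!/bin/sh
# Added example (not from the advisory): test the four conditions it names.
FIXED="4.86.2"   # first patched release, taken from the advisory title

# version_lt A B: true when dotted version A is older than B.
version_lt() {
    [ "$1" != "$2" ] && [ "$(printf '%s\n%s\n' "$1" "$2" |
        sort -t. -k1,1n -k2,2n -k3,3n | head -n1)" = "$1" ]
}

# exim_version BV_TEXT: version number from the "Exim version" line.
exim_version() {
    printf '%s\n' "$1" | sed -n 's/^Exim version \([0-9][0-9.]*\).*/\1/p' | head -n1
}

# has_perl BV_TEXT: true when the "Support for:" line lists Perl.
has_perl() {
    printf '%s\n' "$1" | grep '^Support for:' |
        grep -Eq '(^|[[:space:]])Perl([[:space:]]|$)'
}

# has_perl_startup CONF_TEXT: true when an uncommented perl_startup is set.
has_perl_startup() {
    printf '%s\n' "$1" | grep -Eq '^[[:space:]]*perl_startup[[:space:]]*='
}

# is_setuid_root PATH: true when the file is setuid and owned by uid 0.
is_setuid_root() {
    [ -u "$1" ] && [ "$(ls -ln "$1" | awk '{print $3}')" = "0" ]
}

# assess BV_TEXT CONF_TEXT SETUID(yes|no): print a verdict for one host.
assess() {
    v=$(exim_version "$1")
    [ -n "$v" ] || { echo "unknown: no version found"; return; }
    version_lt "$v" "$FIXED" || { echo "patched: $v"; return; }
    [ "$3" = yes ] || { echo "not exposed: binary is not setuid root"; return; }
    has_perl "$1" || { echo "not exposed: no Perl support"; return; }
    has_perl_startup "$2" || { echo "not exposed: perl_startup not set"; return; }
    echo "AFFECTED: $v, setuid root, Perl support, perl_startup set"
}

# Constructed sample input shaped like `exim -bV` output and a config excerpt.
SAMPLE_BV='Exim version 4.84 #1 built 01-Jan-2016 00:00:00
Support for: crypteq iconv() IPv6 Perl OpenSSL'
SAMPLE_CONF='# main section
perl_startup = do "/etc/exim/exim.pl"'

assess "$SAMPLE_BV" "$SAMPLE_CONF" yes
```

On a live host, pass the output of `exim -bV`, the contents of the Exim configuration file, and the result of `is_setuid_root` on the Exim binary to `assess`.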
Reference URLs:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1531
- https://www.exim.org/static/doc/CVE-2016-1531.txt
- https://github.com/Exim/exim/wiki/EximSecurity