Exim < 4.86.2 - Privilege Escalation Vulnerability

Description:

CVE-2016-1531: Exim before 4.86.2, when installed as setuid root, allows local users to gain privileges via the perl_startup argument.

Impact: When Exim installation has been compiled with Perl support and contains a  perl_startup configuration variable it can be exploited by malicious local  attackers to gain root privileges.

Mitigation: Vendor has released patch version.

Reference URL’s:

Share