RHSA-2011:0153: exim security update

Severity: 7
CVSS: (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Published: December 14, 2010
Added: January 25, 2011
Modified: July 04, 2017

Exim is a mail transport agent (MTA) developed at the University of Cambridge for use on UNIX systems connected to the Internet.

A privilege escalation flaw was discovered in Exim. If an attacker were able to gain access to the "exim" user, they could cause Exim to execute arbitrary commands as the root user. (CVE-2010-4345)

This update adds a new configuration file, "/etc/exim/trusted-configs". To prevent Exim from running arbitrary commands as root, Exim will now drop privileges when run with a configuration file not listed as trusted. This could break backwards compatibility with some Exim configurations, as the trusted-configs file only trusts "/etc/exim/exim.conf" and "/etc/exim/exim4.conf" by default. If you are using a configuration file not listed in the new trusted-configs file, you will need to add it manually.

Additionally, Exim will no longer allow a user to execute exim as root with the -D command line option to override macro definitions. All macro definitions that require root permissions must now reside in a trusted configuration file.

Users of Exim are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the exim daemon will be restarted automatically.
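
An added example, not part of the advisory or of Exim: a POSIX shell audit that flags exim command lines (for instance from init or cron scripts) whose behaviour changes with this update, either because they select a configuration file missing from the trusted list or because they override macros with -D. Assumptions: the trusted list holds one absolute path per line, "-C" (Exim's option for choosing a configuration file, which the advisory does not name) is given a single path, and the sample paths and command lines are constructed.

```sh
#!/bin/sh
# Added example: audit exim command lines against the trusted-configs list.

# is_trusted LIST_FILE PATH: succeed only if PATH is an absolute path
# listed in LIST_FILE (assumed format: one absolute path per line).
is_trusted() {
    case $2 in /*) ;; *) return 1 ;; esac
    sed 's/^[[:space:]]*//' "$1" | grep -Fxq -- "$2"
}

# audit_cmdline LIST_FILE "COMMAND LINE": print one finding per line.
audit_cmdline() {
    list=$1
    set -f                      # no globbing while splitting into words
    set -- $2
    set +f
    while [ $# -gt 0 ]; do
        conf=
        case $1 in
            -C)  shift; conf=${1:-} ;;          # "-C file"
            -C*) conf=${1#-C} ;;                # "-Cfile"
            -D*) echo "MACRO_OVERRIDE $1" ;;    # no longer allowed when run as root
        esac
        if [ -n "$conf" ] && ! is_trusted "$list" "$conf"; then
            echo "UNTRUSTED_CONFIG $conf"       # exim would drop privileges
        fi
        if [ $# -gt 0 ]; then shift; fi
    done
    return 0
}

# Constructed sample: the default trusted list from the advisory and three
# hypothetical invocations. On a real host pass /etc/exim/trusted-configs.
demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' /etc/exim/exim.conf /etc/exim/exim4.conf > "$tmp"
    for cmd in "exim -bd -q1h" \
               "exim -C /etc/exim/outbound.conf -q15m" \
               "exim -DSPOOLDIR=/var/spool/exim-test -bd"; do
        echo "== $cmd"
        audit_cmdline "$tmp" "$cmd"
    done
    rm -f "$tmp"
}
demo
```

Any configuration path reported as UNTRUSTED_CONFIG has to be added to trusted-configs by hand, and any macro reported as MACRO_OVERRIDE has to move into a trusted configuration file.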
