Gentoo Linux Security Advisory 201401-32 - Multiple vulnerabilities were found in Exim, the worst of which leading to remote execution of arbitrary code with root privileges. Versions less than 4.80.1 are affected.
e3a4e4748cd68f2fd685d0f69f6b2dbf2c95867f71a5d365a61fe7544703c801It has come to the attention of The Exim Maintainers that there is an exploit circulating in the wild which affects versions of Exim versions 4.69 and below. The flaw permits remote code execution over SMTP and, when combined with some clever abuse of Exim's configuration, escalation to root privileges from the Exim run-time user.
5adb4da500bcb608c4a6e8d0326b0cf1582c4c29fc9fdc75ec210086b2a2eb60Exim version 4.63 remote root exploit that uses a connect-back shell. Works on RedHat, Centos and Debian.
af8e1e361c82fc87041373b6e4044b0f7d87c3a5ff26e31b243a3efd06e7c7caUbuntu Security Notice 1032-1 - Sergey Kononenko and Eugene Bujak discovered that Exim did not correctly truncate string expansions. A remote attacker could send specially crafted email traffic to run arbitrary code as the Exim user, which could also lead to root privileges.
77e24a5685302d1d9a4706ecabe2856bbab0526e7306773761125b28efb31777Debian Linux Security Advisory 2131-1 - Several vulnerabilities have been found in exim4 that allow a remote attacker to execute arbitrary code as root user. Exploits for these issues have been seen in the wild.
5b6512209c1f9073f2e15c1c0f2b5721c46a834515e3e9afa824750e050dcb56This Metasploit module exploits a heap buffer overflow within versions of Exim prior to version 4.69. By sending a specially crafted message, an attacker can corrupt the heap and execute arbitrary code with the privileges of the Exim daemon.
15971c9b06d4a9c47a89c4805a714e4e8f8fade760ff5ea9313cc6eeb5a8d923
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed