FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

exim -- local privilleges escalation

Affected packages
exim < 4.86.2
exim < 4.85.2
exim < 4.84.2

Details

VuXML ID 7d09b9ee-e0ba-11e5-abc4-6fb07af136d2
Discovery 2016-02-26
Entry 2016-03-02

The Exim development team reports:

All installations having Exim set-uid root and using 'perl_startup' are vulnerable to a local privilege escalation. Any user who can start an instance of Exim (and this is normally any user) can gain root privileges. If you do not use 'perl_startup' you should be safe.

References

CVE Name CVE-2016-1531
URL https://lists.exim.org/lurker/message/20160302.191005.a72d8433.en.html