Exim < 4.72 Multiple Vulnerabilities

This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.

Synopsis :

The remote mail server is potentially affected by multiple

Description :

The remote host is running Exim, a message transfer agent (SMTP).

According to the version number in its banner, the installed version
of Exim is earlier than 4.72 and thus potentially affected by one or
both of the following vulnerabilities :

- An error when handling hardlinks within the mail
  directory during the mail delivery process can be
  exploited to perform unauthorized actions.

- When MBX locking is enabled, a race condition exists
  that could allow an attacker to change permissions of
  other non-root users' files, leading to
  denial-of-service conditions or potentially privilege
  escalation.

Solution :

Upgrade to Exim 4.72 or later when it becomes available.

Risk factor :

Medium / CVSS Base Score : 6.0
CVSS Temporal Score : 5.2
Public Exploit Available : true

Family: SMTP problems

Nessus Plugin ID: 46783 (exim_4_72.nasl)

Bugtraq ID: 40451

CVE ID: CVE-2010-2023