Scientific Linux Security Update : exim on SL4.x, SL5.x i386/x86_64

This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

A buffer overflow flaw was discovered in Exim's internal
string_vformat() function. A remote attacker could use this flaw to
execute arbitrary code on the mail server running Exim.
(CVE-2010-4344)

Note: successful exploitation would allow a remote attacker to execute
arbitrary code as root on a Scientific Linux 4 or 5 system that is
running the Exim mail server. An exploit for this issue is known to
exist.

After installing this update, the Exim daemon will be restarted
automatically.

See also :

http://www.nessus.org/u?7cab787a

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 60919

Bugtraq ID:

CVE ID: CVE-2010-4344