
Exim < 4.74 Local Privilege Escalation Vulnerability

High

Synopsis

The remote mail server is affected by a local privilege escalation vulnerability.

Description

The remote host is running Exim, a message transfer agent.

Versions of Exim earlier than 4.74 are potentially affected by a local privilege escalation vulnerability. Attackers can exploit this flaw to append arbitrary data to files through symbolic link attacks. Successfully exploiting this issue allows local attackers with 'exim' run-time privileges to perform certain actions with superuser privileges, leading to a complete compromise of an affected computer. Note that this issue only affects Exim on Linux.

Solution

Upgrade to Exim 4.74 or later.