Alpine: multiple exim packages: security update to 4.94.2-r0

critical Tenable Cloud Security Plugin ID 404249

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default
configurations that enable Delivery Status Notification (DSN). Certain uses of ORCPT= can place a newline
into a spool header file, and indirectly allow unauthenticated remote attackers to execute arbitrary
commands as root. (CVE-2020-28026)

- Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the
log directory (owned by a non-root user), a symlink or hard link attack allows overwriting critical
root-owned files anywhere on the filesystem. (CVE-2020-28007)

- Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the
spool directory (owned by a non-root user), an attacker can write to a /var/spool/exim4/input spool header
file, in which a crafted recipient address can indirectly lead to command execution. (CVE-2020-28008)

- Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow because get_stdinput allows unbounded
reads that are accompanied by unbounded increases in a certain size variable. NOTE: exploitation may be
impractical because of the execution time needed to overflow (multiple days). (CVE-2020-28009)

- Exim 4 before 4.94.2 allows Out-of-bounds Write because the main function, while setuid root, copies the
current working directory pathname into a buffer that is too small (on some common platforms).
(CVE-2020-28010)

See Also

https://security.alpinelinux.org/vuln/CVE-2020-28007

https://security.alpinelinux.org/vuln/CVE-2020-28008

https://security.alpinelinux.org/vuln/CVE-2020-28009

https://security.alpinelinux.org/vuln/CVE-2020-28010

https://security.alpinelinux.org/vuln/CVE-2020-28011

https://security.alpinelinux.org/vuln/CVE-2020-28012

https://security.alpinelinux.org/vuln/CVE-2020-28013

https://security.alpinelinux.org/vuln/CVE-2020-28014

https://security.alpinelinux.org/vuln/CVE-2020-28015

https://security.alpinelinux.org/vuln/CVE-2020-28016

https://security.alpinelinux.org/vuln/CVE-2020-28017

https://security.alpinelinux.org/vuln/CVE-2020-28018

https://security.alpinelinux.org/vuln/CVE-2020-28019

https://security.alpinelinux.org/vuln/CVE-2020-28020

https://security.alpinelinux.org/vuln/CVE-2020-28021

https://security.alpinelinux.org/vuln/CVE-2020-28022

https://security.alpinelinux.org/vuln/CVE-2020-28023

https://security.alpinelinux.org/vuln/CVE-2020-28024

https://security.alpinelinux.org/vuln/CVE-2020-28025

https://security.alpinelinux.org/vuln/CVE-2020-28026

https://security.alpinelinux.org/vuln/CVE-2021-27216

Plugin Details

Severity: Critical

ID: 404249

Version: Revision 1.29

Type: Local

Published: 10/31/2023

Updated: 12/4/2025

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Critical

Score: 9.4

Percentile: 99.81

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2020-28026

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 5/6/2021

Reference Information

CVE: CVE-2020-28007, CVE-2020-28008, CVE-2020-28009, CVE-2020-28010, CVE-2020-28011, CVE-2020-28012, CVE-2020-28013, CVE-2020-28014, CVE-2020-28015, CVE-2020-28016, CVE-2020-28017, CVE-2020-28018, CVE-2020-28019, CVE-2020-28020, CVE-2020-28021, CVE-2020-28022, CVE-2020-28023, CVE-2020-28024, CVE-2020-28025, CVE-2020-28026, CVE-2021-27216

IAVA: 2021-A-0216-S