FreeBSD : exim -- Privilege escalation via multiple memory leaks (8c1a271d-56cf-11e7-b9fe-c13eb7bcbf4f)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Qualys reports :

Exim supports the use of multiple '-p' command line arguments which
are malloc()'ed and never free()'ed; used in conjunction with other
issues, this allows attackers to cause arbitrary code execution. This
affects exim version 4.89 and earlier. Please note that at this time
upstream has released a patch (commit
65e061b76867a9ea7aeeb535341b790b90ae6c21), but it is not known if a
new point release is available that addresses this issue at this time.

See also :

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000369
http://www.nessus.org/u?5694da39

Solution :

Update the affected package.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 100975

Bugtraq ID:

CVE ID:
