Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : exim4 vulnerabilities (USN-2933-1)

Ubuntu Security Notice (C) 2016 Canonical, Inc. / NASL script (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing one or more security-related
patches.

Description :

It was discovered that Exim incorrectly filtered environment variables
when used with the perl_startup configuration option. If the
perl_startup option was enabled, a local attacker could use this issue
to escalate their privileges to the root user. This issue has been
fixed by having Exim clean the complete execution environment by
default on startup, including any subprocesses such as transports that
call other programs. This change in behaviour may break existing
installations and can be adjusted by using two new configuration
options, keep_environment and add_environment. (CVE-2016-1531)

Patrick William discovered that Exim incorrectly expanded mathematical
comparisons twice. A local attacker could possibly use this issue to
perform arbitrary file operations as the Exim user. This issue only
affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-2972).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution :

Update the affected exim4-daemon-custom, exim4-daemon-heavy and / or
exim4-daemon-light packages.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.7
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 89962 ()

Bugtraq ID:

CVE ID: CVE-2014-2972
CVE-2016-1531

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now