Test Kennung:	1.3.6.1.4.1.25623.1.0.68554
Kategorie:	Red Hat Local Security Checks
Titel:	RedHat Security Advisory RHSA-2010:0970
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing updates announced in advisory RHSA-2010:0970. Exim is a mail transport agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet. A buffer overflow flaw was discovered in Exim's internal string_vformat() function. A remote attacker could use this flaw to execute arbitrary code on the mail server running Exim. (CVE-2010-4344) Note: successful exploitation would allow a remote attacker to execute arbitrary code as root on a Red Hat Enterprise Linux 4 or 5 system that is running the Exim mail server. An exploit for this issue is known to exist. For additional information regarding this flaw, along with mitigation advice, please see the Knowledge Base article linked to in the References section of this advisory. Users of Exim are advised to update to these erratum packages which contain a backported patch to correct this issue. After installing this update, the Exim daemon will be restarted automatically. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2010-0970.html Risk factor : Critical CVSS Score: 9.3
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2010-4344 1024858 http://www.securitytracker.com/id?1024858 20101213 Exim security issue in historical release http://www.securityfocus.com/archive/1/515172/100/0/threaded 40019 http://secunia.com/advisories/40019 42576 http://secunia.com/advisories/42576 42586 http://secunia.com/advisories/42586 42587 http://secunia.com/advisories/42587 42589 http://secunia.com/advisories/42589 45308 http://www.securityfocus.com/bid/45308 69685 http://www.osvdb.org/69685 ADV-2010-3171 http://www.vupen.com/english/advisories/2010/3171 ADV-2010-3172 http://www.vupen.com/english/advisories/2010/3172 ADV-2010-3181 http://www.vupen.com/english/advisories/2010/3181 ADV-2010-3186 http://www.vupen.com/english/advisories/2010/3186 ADV-2010-3204 http://www.vupen.com/english/advisories/2010/3204 ADV-2010-3246 http://www.vupen.com/english/advisories/2010/3246 ADV-2010-3317 http://www.vupen.com/english/advisories/2010/3317 DSA-2131 http://www.debian.org/security/2010/dsa-2131 RHSA-2010:0970 http://www.redhat.com/support/errata/RHSA-2010-0970.html SUSE-SA:2010:059 http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html USN-1032-1 http://www.ubuntu.com/usn/USN-1032-1 VU#682457 http://www.kb.cert.org/vuls/id/682457 [exim-dev] 20101207 Remote root vulnerability in Exim http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html [exim-dev] 20101210 Re: Remote root vulnerability in Exim http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html [oss-security] 20101210 Exim remote root http://openwall.com/lists/oss-security/2010/12/10/1 [oss-security] 20210504 21Nails: Multiple vulnerabilities in Exim http://www.openwall.com/lists/oss-security/2021/05/04/7 ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.70 http://atmail.com/blog/2010/atmail-6204-now-available/ http://bugs.exim.org/show_bug.cgi?id=787 http://git.exim.org/exim.git/commit/24c929a27415c7cfc7126c47e4cad39acf3efa6b http://www.cpanel.net/2010/12/exim-remote-memory-corruption-vulnerability-notification-cve-2010-4344.html http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/ https://bugzilla.redhat.com/show_bug.cgi?id=661756
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.