FreeBSD Local Security Checks : exim -- local privilege escalation

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.68948

Categoría: FreeBSD Local Security Checks

Título: exim -- local privilege escalation

Resumen: The remote host is missing an update to the system; as announced in the referenced advisory.

Descripción: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following packages are affected:

exim, exim-ldap, exim-ldap2, exim-mysql, exim-postgresql, exim-sa-exim

CVE-2011-0017
The open_log function in log.c in Exim 4.72 and earlier does not check
the return value from (1) setuid or (2) setgid system calls, which
allows local users to append log data to arbitrary files via a symlink
attack.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
6.9

CVSS Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-0017
43101
http://secunia.com/advisories/43101
43128
http://secunia.com/advisories/43128
43243
http://secunia.com/advisories/43243
46065
http://www.securityfocus.com/bid/46065
70696
http://osvdb.org/70696
ADV-2011-0224
http://www.vupen.com/english/advisories/2011/0224
ADV-2011-0245
http://www.vupen.com/english/advisories/2011/0245
ADV-2011-0364
http://www.vupen.com/english/advisories/2011/0364
ADV-2011-0464
http://www.vupen.com/english/advisories/2011/0464
DSA-2154
http://www.debian.org/security/2011/dsa-2154
SUSE-SR:2011:004
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html
USN-1060-1
http://www.ubuntu.com/usn/USN-1060-1
[exim-announce] 20110125 Exim 4.74 Release
http://lists.exim.org/lurker/message/20110126.034702.4d69c278.en.html
exim-openlog-privilege-escalation(65028)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65028
ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.74

Copyright Copyright (C) 2011 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.68948
Categoría:	FreeBSD Local Security Checks
Título:	exim -- local privilege escalation
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following packages are affected: exim, exim-ldap, exim-ldap2, exim-mysql, exim-postgresql, exim-sa-exim CVE-2011-0017 The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 6.9 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-0017 43101 http://secunia.com/advisories/43101 43128 http://secunia.com/advisories/43128 43243 http://secunia.com/advisories/43243 46065 http://www.securityfocus.com/bid/46065 70696 http://osvdb.org/70696 ADV-2011-0224 http://www.vupen.com/english/advisories/2011/0224 ADV-2011-0245 http://www.vupen.com/english/advisories/2011/0245 ADV-2011-0364 http://www.vupen.com/english/advisories/2011/0364 ADV-2011-0464 http://www.vupen.com/english/advisories/2011/0464 DSA-2154 http://www.debian.org/security/2011/dsa-2154 SUSE-SR:2011:004 http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html USN-1060-1 http://www.ubuntu.com/usn/USN-1060-1 [exim-announce] 20110125 Exim 4.74 Release http://lists.exim.org/lurker/message/20110126.034702.4d69c278.en.html exim-openlog-privilege-escalation(65028) https://exchange.xforce.ibmcloud.com/vulnerabilities/65028 ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.74
Copyright	Copyright (C) 2011 E-Soft Inc.