Test ID: | 1.3.6.1.4.1.25623.1.0.870379 |
Category: | Red Hat Local Security Checks |
Title: | RedHat Update for exim RHSA-2011:0153-01 |
Summary: | The remote host is missing an update for the 'exim' package(s) announced via the referenced advisory. |
Description: |
Summary: The remote host is missing an update for the 'exim' package(s) announced via the referenced advisory.

Vulnerability Insight: Exim is a mail transport agent (MTA) developed at the University of Cambridge for use on UNIX systems connected to the Internet.

A privilege escalation flaw was discovered in Exim. If an attacker were able to gain access to the 'exim' user, they could cause Exim to execute arbitrary commands as the root user. (CVE-2010-4345)

This update adds a new configuration file, '/etc/exim/trusted-configs'. To prevent Exim from running arbitrary commands as root, Exim will now drop privileges when run with a configuration file not listed as trusted. This could break backwards compatibility with some Exim configurations, as the trusted-configs file only trusts '/etc/exim/exim.conf' and '/etc/exim/exim4.conf' by default. If you are using a configuration file not listed in the new trusted-configs file, you will need to add it manually.

Additionally, Exim will no longer allow a user to execute exim as root with the -D command line option to override macro definitions. All macro definitions that require root permissions must now reside in a trusted configuration file.

Users of Exim are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the exim daemon will be restarted automatically.

Affected Software/OS: exim on Red Hat Enterprise Linux (v. 5 server), Red Hat Enterprise Linux AS version 4, Red Hat Enterprise Linux ES version 4, Red Hat Enterprise Linux WS version 4

Solution: Please install the updated packages.

CVSS Score: 6.9
CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C |
Cross Reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2010-4345
1024859 http://www.securitytracker.com/id?1024859
20101213 Exim security issue in historical release http://www.securityfocus.com/archive/1/515172/100/0/threaded
42576 http://secunia.com/advisories/42576
42930 http://secunia.com/advisories/42930
43128 http://secunia.com/advisories/43128
43243 http://secunia.com/advisories/43243
45341 http://www.securityfocus.com/bid/45341
ADV-2010-3171 http://www.vupen.com/english/advisories/2010/3171
ADV-2010-3204 http://www.vupen.com/english/advisories/2010/3204
ADV-2011-0135 http://www.vupen.com/english/advisories/2011/0135
ADV-2011-0245 http://www.vupen.com/english/advisories/2011/0245
ADV-2011-0364 http://www.vupen.com/english/advisories/2011/0364
DSA-2131 http://www.debian.org/security/2010/dsa-2131
DSA-2154 http://www.debian.org/security/2011/dsa-2154
RHSA-2011:0153 http://www.redhat.com/support/errata/RHSA-2011-0153.html
SUSE-SA:2010:059 http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html
USN-1060-1 http://www.ubuntu.com/usn/USN-1060-1
VU#758489 http://www.kb.cert.org/vuls/id/758489
[exim-dev] 20101207 Remote root vulnerability in Exim http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html
[exim-dev] 20101209 Re: [Exim-maintainers] Remote root vulnerability in Exim http://lists.exim.org/lurker/message/20101209.172233.abcba158.en.html
[exim-dev] 20101210 Re: Remote root vulnerability in Exim http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html
[oss-security] 20101210 Exim remote root http://openwall.com/lists/oss-security/2010/12/10/1
[oss-security] 20210504 21Nails: Multiple vulnerabilities in Exim http://www.openwall.com/lists/oss-security/2021/05/04/7
http://bugs.exim.org/show_bug.cgi?id=1044
http://www.cpanel.net/2010/12/critical-exim-security-update.html
http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format
http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/
https://bugzilla.redhat.com/show_bug.cgi?id=662012 |
Copyright | Copyright (C) 2011 Greenbone AG |