Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.68554
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2010:0970
Summary:NOSUMMARY
Description:Description:
The remote host is missing updates announced in
advisory RHSA-2010:0970.

Exim is a mail transport agent (MTA) developed at the University of
Cambridge for use on Unix systems connected to the Internet.

A buffer overflow flaw was discovered in Exim's internal
string_vformat() function. A remote attacker could use this flaw to
execute arbitrary code on the mail server running Exim. (CVE-2010-4344)

Note: successful exploitation would allow a remote attacker to execute
arbitrary code as root on a Red Hat Enterprise Linux 4 or 5 system that
is running the Exim mail server. An exploit for this issue is known to
exist.

For additional information regarding this flaw, along with mitigation
advice, please see the Knowledge Base article linked to in the
References section of this advisory.

Users of Exim are advised to update to these erratum packages which
contain a backported patch to correct this issue. After installing this
update, the Exim daemon will be restarted automatically.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2010-0970.html

Risk factor : Critical

CVSS Score:
9.3

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2010-4344
BugTraq ID: 45308
http://www.securityfocus.com/bid/45308
Bugtraq: 20101213 Exim security issue in historical release (Google Search)
http://www.securityfocus.com/archive/1/515172/100/0/threaded
CERT/CC vulnerability note: VU#682457
http://www.kb.cert.org/vuls/id/682457
Debian Security Information: DSA-2131 (Google Search)
http://www.debian.org/security/2010/dsa-2131
http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format
http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/
http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html
http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html
http://openwall.com/lists/oss-security/2010/12/10/1
http://www.openwall.com/lists/oss-security/2021/05/04/7
http://www.osvdb.org/69685
http://www.redhat.com/support/errata/RHSA-2010-0970.html
http://www.securitytracker.com/id?1024858
http://secunia.com/advisories/40019
http://secunia.com/advisories/42576
http://secunia.com/advisories/42586
http://secunia.com/advisories/42587
http://secunia.com/advisories/42589
SuSE Security Announcement: SUSE-SA:2010:059 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html
http://www.ubuntu.com/usn/USN-1032-1
http://www.vupen.com/english/advisories/2010/3171
http://www.vupen.com/english/advisories/2010/3172
http://www.vupen.com/english/advisories/2010/3181
http://www.vupen.com/english/advisories/2010/3186
http://www.vupen.com/english/advisories/2010/3204
http://www.vupen.com/english/advisories/2010/3246
http://www.vupen.com/english/advisories/2010/3317
CopyrightCopyright (c) 2010 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.