Test ID:	1.3.6.1.4.1.25623.1.0.880458
Category:	CentOS Local Security Checks
Title:	CentOS Update for exim CESA-2010:0970 centos4 i386
Summary:	The remote host is missing an update for the 'exim'; package(s) announced via the referenced advisory.
Description:	Summary: The remote host is missing an update for the 'exim' package(s) announced via the referenced advisory. Vulnerability Insight: Exim is a mail transport agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet. A buffer overflow flaw was discovered in Exim's internal string_vformat() function. A remote attacker could use this flaw to execute arbitrary code on the mail server running Exim. (CVE-2010-4344) Note: successful exploitation would allow a remote attacker to execute arbitrary code as root on a Red Hat Enterprise Linux 4 or 5 system that is running the Exim mail server. An exploit for this issue is known to exist. For additional information regarding this flaw, along with mitigation advice, please see the Knowledge Base article linked to in the References section of this advisory. Users of Exim are advised to update to these erratum packages which contain a backported patch to correct this issue. After installing this update, the Exim daemon will be restarted automatically. Affected Software/OS: exim on CentOS 4 Solution: Please install the updated packages. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-4344 1024858 http://www.securitytracker.com/id?1024858 20101213 Exim security issue in historical release http://www.securityfocus.com/archive/1/515172/100/0/threaded 40019 http://secunia.com/advisories/40019 42576 http://secunia.com/advisories/42576 42586 http://secunia.com/advisories/42586 42587 http://secunia.com/advisories/42587 42589 http://secunia.com/advisories/42589 45308 http://www.securityfocus.com/bid/45308 69685 http://www.osvdb.org/69685 ADV-2010-3171 http://www.vupen.com/english/advisories/2010/3171 ADV-2010-3172 http://www.vupen.com/english/advisories/2010/3172 ADV-2010-3181 http://www.vupen.com/english/advisories/2010/3181 ADV-2010-3186 http://www.vupen.com/english/advisories/2010/3186 ADV-2010-3204 http://www.vupen.com/english/advisories/2010/3204 ADV-2010-3246 http://www.vupen.com/english/advisories/2010/3246 ADV-2010-3317 http://www.vupen.com/english/advisories/2010/3317 DSA-2131 http://www.debian.org/security/2010/dsa-2131 RHSA-2010:0970 http://www.redhat.com/support/errata/RHSA-2010-0970.html SUSE-SA:2010:059 http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html USN-1032-1 http://www.ubuntu.com/usn/USN-1032-1 VU#682457 http://www.kb.cert.org/vuls/id/682457 [exim-dev] 20101207 Remote root vulnerability in Exim http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html [exim-dev] 20101210 Re: Remote root vulnerability in Exim http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html [oss-security] 20101210 Exim remote root http://openwall.com/lists/oss-security/2010/12/10/1 [oss-security] 20210504 21Nails: Multiple vulnerabilities in Exim http://www.openwall.com/lists/oss-security/2021/05/04/7 ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.70 http://atmail.com/blog/2010/atmail-6204-now-available/ http://bugs.exim.org/show_bug.cgi?id=787 http://git.exim.org/exim.git/commit/24c929a27415c7cfc7126c47e4cad39acf3efa6b http://www.cpanel.net/2010/12/exim-remote-memory-corruption-vulnerability-notification-cve-2010-4344.html http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/ https://bugzilla.redhat.com/show_bug.cgi?id=661756
Copyright	Copyright (C) 2011 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.