Exim: Local privilege escalation — GLSA 201709-19

A vulnerability in Exim may allow local users to gain root privileges.

Affected Packages

mail-mta/exim on all architectures
Affected versions < 4.89-r1
Unaffected versions >= 4.89-r1

Background

Exim is a message transfer agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet.

Description

Exim supports the use of multiple “-p” command line arguments causing a memory leak. This could lead to a stack-clash in user-space and as result the attacker can, “clash” or “smash” the stack or another memory region, or “jump” over the stack guard-page.

Impact

A local attacker could obtain root privileges.

Workaround

There is no known workaround at this time.

Resolution

All Exim users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=mail-mta/exim-4.89-r1"
 

References

Release Date
September 24, 2017

Latest Revision
September 24, 2017: 1

Severity
normal

Exploitable
local

Bugzilla entries