CVE-2016-1531 – Exim - 'perl_startup' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2016-1531
Exim before 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_startup argument. Exim versions 4.84-3 and below suffer from a local privilege escalation vulnerability.
• https://www.exploit-db.com/exploits/39702
• https://www.exploit-db.com/exploits/39535
• https://www.exploit-db.com/exploits/39549
• https://github.com/N3rdyN3xus/CVE-2016-1531
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00026.html
• http://packetstormsecurity.com/files/136124/Exim-4.84-3-Local-Root-Privilege-Escalation.html
• http://www.debian.org/security/2016/dsa-3517
• http://www.exim.org/static/doc/CVE-2016-1531.txt
• http://www.rapid7.com/db/modules/exploit/u
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2014-2972
https://notcve.org/view.php?id=CVE-2014-2972
expand.c in Exim before 4.83 expands mathematical comparisons twice, which allows local users to gain privileges and execute arbitrary commands via a crafted lookup value.
• http://git.exim.org/exim.git/commitdiff/7685ce68148a083d7759e78d01aa5198fc099c44
• http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136251.html
• http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136264.html
• http://www.ubuntu.com/usn/USN-2933-1
• https://bugzilla.redhat.com/show_bug.cgi?id=1122552
• https://lists.exim.org/lurker/message/20140722.145949.42c043f5.en.html
• https://lists.exim.org/lurker/message/20140722.152452.d6c019e8.en.html
• https://security.gentoo.org/gls
• CWE-189: Numeric Errors
CVE-2014-2957
https://notcve.org/view.php?id=CVE-2014-2957
The dmarc_process function in dmarc.c in Exim before 4.82.1, when EXPERIMENTAL_DMARC is enabled, allows remote attackers to execute arbitrary code via the From header in an email, which is passed to the expand_string function.
• http://git.exim.org/exim.git/commitdiff/5b7a7c051c9ab9ee7c924a611f90ef2be03e0ad0
• http://www.openwall.com/lists/oss-security/2021/05/04/7
• https://lists.exim.org/lurker/message/20140528.122536.a31d60a4.en.html
• CWE-20: Improper Input Validation
CVE-2012-5671
https://notcve.org/view.php?id=CVE-2012-5671
Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabled and acl_smtp_connect and acl_smtp_rcpt are not set to "warn control = dkim_disable_verify," allows remote attackers to execute arbitrary code via an email from a malicious DNS server.
• http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091664.html
• http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090900.html
• http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090963.html
• http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00018.html
• http://osvdb.org/86616
• http://secunia.com/advisories/51098
• http://secunia.com/advisories/51115
• http://secunia.com/advisories/51153
• http://secunia.com/advisories/51155
• http://w
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-1407
https://notcve.org/view.php?id=CVE-2011-1407
The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or access a filesystem via a crafted identity.
• http://www.debian.org/security/2011/dsa-2236
• http://www.securityfocus.com/bid/47836
• http://www.ubuntu.com/usn/USN-1135-1
• https://lists.exim.org/lurker/message/20110509.091632.daed0206.en.html
• https://lists.exim.org/lurker/message/20110512.102909.8136175a.en.html
• CWE-20: Improper Input Validation