CVE-2016-1531
Exim - 'perl_startup' Local Privilege Escalation
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
8Exploited in Wild
-Decision
Descriptions
Exim before 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_startup argument.
Exim en versiones anteriores a 4.86.2, cuando está instalado setuid root, permite a usuarios locales obtener privilegios a través del argumento perl_startup.
It was discovered that Exim incorrectly filtered environment variables when used with the perl_startup configuration option. If the perl_startup option was enabled, a local attacker could use this issue to escalate their privileges to the root user. This issue has been fixed by having Exim clean the complete execution environment by default on startup, including any subprocesses such as transports that call other programs. This change in behaviour may break existing installations and can be adjusted by using two new configuration options, keep_environment and add_environment. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-01-07 CVE Reserved
- 2016-03-08 CVE Published
- 2016-03-08 First Exploit
- 2024-08-05 CVE Updated
- 2025-04-03 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (14)
| URL | Tag | Source |
|---|---|---|
| http://www.exim.org/static/doc/CVE-2016-1531.txt | Third Party Advisory | |
| http://www.rapid7.com/db/modules/exploit/unix/local/exim_perl_startup | X_refsource_misc | |
| http://www.securitytracker.com/id/1035512 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://packetstorm.news/files/id/136165 | 2016-03-10 | |
| https://packetstorm.news/files/id/136124 | 2016-03-08 | |
| https://www.exploit-db.com/exploits/39702 | 2024-08-05 | |
| https://www.exploit-db.com/exploits/39535 | 2024-08-05 | |
| https://www.exploit-db.com/exploits/39549 | 2024-08-05 | |
| https://github.com/N3rdyN3xus/CVE-2016-1531 | 2023-03-17 | |
| https://github.com/n3rdh4x0r/CVE-2016-1531 | 2023-03-17 | |
| http://packetstormsecurity.com/files/136124/Exim-4.84-3-Local-Root-Privilege-Escalation.html | 2024-08-05 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00026.html | 2017-09-08 | |
| http://www.debian.org/security/2016/dsa-3517 | 2017-09-08 | |
| http://www.ubuntu.com/usn/USN-2933-1 | 2017-09-08 |