Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2016-2020 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-2933-1.NASL
HistoryMar 16, 2016 - 12:00 a.m.

Ubuntu 14.04 LTS : Exim vulnerabilities (USN-2933-1)

2016-03-1600:00:00
Ubuntu Security Notice (C) 2016-2020 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
21
JSON

It was discovered that Exim incorrectly filtered environment variables when used with the perl_startup configuration option. If the perl_startup option was enabled, a local attacker could use this issue to escalate their privileges to the root user. This issue has been fixed by having Exim clean the complete execution environment by default on startup, including any subprocesses such as transports that call other programs. This change in behaviour may break existing installations and can be adjusted by using two new configuration options, keep_environment and add_environment. (CVE-2016-1531)

Patrick William discovered that Exim incorrectly expanded mathematical comparisons twice. A local attacker could possibly use this issue to perform arbitrary file operations as the Exim user. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-2972).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-2933-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(89962);
  script_version("2.17");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/20");

  script_cve_id("CVE-2014-2972", "CVE-2016-1531");
  script_xref(name:"USN", value:"2933-1");

  script_name(english:"Ubuntu 14.04 LTS : Exim vulnerabilities (USN-2933-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"It was discovered that Exim incorrectly filtered environment variables
when used with the perl_startup configuration option. If the
perl_startup option was enabled, a local attacker could use this issue
to escalate their privileges to the root user. This issue has been
fixed by having Exim clean the complete execution environment by
default on startup, including any subprocesses such as transports that
call other programs. This change in behaviour may break existing
installations and can be adjusted by using two new configuration
options, keep_environment and add_environment. (CVE-2016-1531)

Patrick William discovered that Exim incorrectly expanded mathematical
comparisons twice. A local attacker could possibly use this issue to
perform arbitrary file operations as the Exim user. This issue only
affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-2972).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-2933-1");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-1531");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Exim "perl_startup" Privilege Escalation');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/09/04");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/03/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/16");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:exim4-daemon-heavy");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:exim4-daemon-light");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:exim4-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:eximon4");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:exim4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:exim4-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:exim4-config");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Ubuntu Local Security Checks");

  script_copyright(english:"Ubuntu Security Notice (C) 2016-2020 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('14.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 14.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);

var pkgs = [
    {'osver': '14.04', 'pkgname': 'exim4', 'pkgver': '4.82-3ubuntu2.1'},
    {'osver': '14.04', 'pkgname': 'exim4-base', 'pkgver': '4.82-3ubuntu2.1'},
    {'osver': '14.04', 'pkgname': 'exim4-config', 'pkgver': '4.82-3ubuntu2.1'},
    {'osver': '14.04', 'pkgname': 'exim4-daemon-heavy', 'pkgver': '4.82-3ubuntu2.1'},
    {'osver': '14.04', 'pkgname': 'exim4-daemon-light', 'pkgver': '4.82-3ubuntu2.1'},
    {'osver': '14.04', 'pkgname': 'exim4-dev', 'pkgver': '4.82-3ubuntu2.1'},
    {'osver': '14.04', 'pkgname': 'eximon4', 'pkgver': '4.82-3ubuntu2.1'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var osver = NULL;
  var pkgname = NULL;
  var pkgver = NULL;
  if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
  if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
  if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
  if (osver && pkgname && pkgver) {
    if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  var tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'exim4 / exim4-base / exim4-config / exim4-daemon-heavy / etc');
}
VendorProductVersionCPE
canonicalubuntu_linuxexim4-daemon-heavyp-cpe:/a:canonical:ubuntu_linux:exim4-daemon-heavy
canonicalubuntu_linuxexim4-daemon-lightp-cpe:/a:canonical:ubuntu_linux:exim4-daemon-light
canonicalubuntu_linuxexim4-devp-cpe:/a:canonical:ubuntu_linux:exim4-dev
canonicalubuntu_linuxeximon4p-cpe:/a:canonical:ubuntu_linux:eximon4
canonicalubuntu_linux14.04cpe:/o:canonical:ubuntu_linux:14.04:-:lts
canonicalubuntu_linuxexim4p-cpe:/a:canonical:ubuntu_linux:exim4
canonicalubuntu_linuxexim4-basep-cpe:/a:canonical:ubuntu_linux:exim4-base
canonicalubuntu_linuxexim4-configp-cpe:/a:canonical:ubuntu_linux:exim4-config

Related

ubuntu 1
openvas 10
fedora 4
nessus 12
amazon 1
cve 2
ubuntucve 2
gentoo 1
prion 2
debiancve 2
debian 2
archlinux 1
packetstorm 3
osv 1
metasploit 1
zdt 3
exploitpack 2
suse 2
freebsd 1
exploitdb 3
ubuntu
ubuntu
Exim vulnerabilities
2016-03-15 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-2933-1)
2016-03-16 00:00:00
Fedora Update for exim FEDORA-2014-8803
2014-08-05 00:00:00
Amazon Linux: Security Advisory (ALAS-2014-395)
2015-09-08 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: exim-4.80.1-7.fc20
2014-08-01 23:56:50
[SECURITY] Fedora 19 Update: exim-4.80.1-4.fc19
2014-08-01 23:55:20
[SECURITY] Fedora 22 Update: exim-4.85.2-1.fc22
2016-03-13 09:53:45
nessus
nessus
Exim < 4.83 Math Comparison Functions Data Insertion
2014-08-07 00:00:00
Amazon Linux AMI : exim (ALAS-2014-395)
2014-10-12 00:00:00
Fedora 20 : exim-4.80.1-7.fc20 (2014-8865)
2014-08-04 00:00:00
amazon
amazon
Low: exim
2014-08-21 11:19:00
cve
cve
CVE-2014-2972
2014-09-04 17:55:00
CVE-2016-1531
2016-04-07 23:59:00
ubuntucve
ubuntucve
CVE-2014-2972
2014-09-04 00:00:00
CVE-2016-1531
2016-03-02 00:00:00
gentoo
gentoo
Exim: Arbitrary code execution
2016-07-20 00:00:00
prion
prion
Design/Logic Flaw
2014-09-04 17:55:00
Code injection
2016-04-07 23:59:00
debiancve
debiancve
CVE-2014-2972
2014-09-04 17:55:00
CVE-2016-1531
2016-04-07 23:59:00
debian
debian
[SECURITY] [DSA 3517-1] exim4 security update
2016-03-14 05:48:18
[SECURITY] [DSA 3517-1] exim4 security update
2016-03-14 05:48:18
archlinux
archlinux
exim: privilege escalation
2016-03-10 00:00:00
packetstorm
packetstorm
Exim Local Privilege Escalation
2016-03-10 00:00:00
Exim 4.84-3 Local Root / Privilege Escalation
2016-03-08 00:00:00
Exim perl_startup Privilege Escalation
2016-04-14 00:00:00
osv
osv
exim4 - security update
2016-03-14 00:00:00
metasploit
metasploit
Exim "perl_startup" Privilege Escalation
2016-04-13 22:51:20
zdt
zdt
Exim 4.84-3 - Privilege Escalation
2016-03-09 00:00:00
Exim - 'perl_startup' Privilege Escalation (Metasploit)
2016-04-15 00:00:00
Exim < 4.86.2 - Privilege Escalation
2016-03-10 00:00:00
exploitpack
exploitpack
Exim 4.84-3 - Local Privilege Escalation
2016-03-09 00:00:00
Exim 4.86.2 - Local Privilege Escalation
2016-03-10 00:00:00
suse
suse
Security update for exim (important)
2016-03-11 14:16:09
Security update for exim (important)
2017-08-29 18:39:29
freebsd
freebsd
exim -- local privillege escalation
2016-02-26 00:00:00
exploitdb
exploitdb
Exim 4.84-3 - Local Privilege Escalation
2016-03-09 00:00:00
Exim - &#039;perl_startup&#039; Local Privilege Escalation (Metasploit)
2016-04-15 00:00:00
Exim &lt; 4.86.2 - Local Privilege Escalation
2016-03-10 00:00:00
JSON
Related for UBUNTU_USN-2933-1.NASL
ubuntu1openvas10fedora4nessus12amazon1cve2ubuntucve2gentoo1prion2debiancve2debian2archlinux1packetstorm3osv1metasploit1zdt3exploitpack2suse2freebsd1exploitdb3