Exim vulnerabilities

2011-02-10T00:00:00
ID USN-1060-1
Type ubuntu
Reporter Ubuntu
Modified 2011-02-10T00:00:00

Description

It was discovered that Exim contained a design flaw in the way it processed alternate configuration files. An attacker who obtained the privileges of the “Debian-exim” user could use an alternate configuration file to obtain root privileges. (CVE-2010-4345)

It was discovered that Exim incorrectly handled certain return values when handling logging. An attacker who obtained the privileges of the “Debian-exim” user could use this flaw to obtain root privileges. (CVE-2011-0017)

Dan Rosenberg discovered that Exim incorrectly handled writable sticky-bit mail directories. If Exim were configured to use such directories, a local user could use this flaw to cause a denial of service or possibly gain privileges. This issue only applied to Ubuntu 6.06 LTS, 8.04 LTS, 9.10, and 10.04 LTS. (CVE-2010-2023)
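To check whether a host has the directory layout the CVE-2010-2023 item describes, the following shell functions classify candidate mail spool directories by mode. This is an added example, not part of the Ubuntu notice; the paths in the usage comment and the reading of "writable" as world-writable are assumptions.

```shell
#!/bin/sh
# Added example: audit mail spool directories for the "writable sticky-bit"
# layout named in the advisory.
# Assumption: "writable sticky-bit" means sticky bit (01000) plus write
# permission for "other" (0002), for example mode 1777.

# Print the state of one directory:
#   missing | sticky-world-writable | world-writable-no-sticky | restricted
classify_mail_dir() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "missing"
        return 0
    fi
    # -H follows a symlinked spool path (e.g. /var/spool/mail -> ../mail).
    # -perm -1002 matches only if BOTH the sticky and other-write bits are set.
    if [ -n "$(find -H "$dir" -maxdepth 0 -type d -perm -1002 2>/dev/null)" ]; then
        echo "sticky-world-writable"
    elif [ -n "$(find -H "$dir" -maxdepth 0 -type d -perm -0002 2>/dev/null)" ]; then
        echo "world-writable-no-sticky"
    else
        echo "restricted"
    fi
}

# Classify every directory given as an argument, one "state<TAB>path" line each.
# Returns 1 if any directory is sticky and world-writable, 0 otherwise.
audit_mail_dirs() {
    rc=0
    for d in "$@"; do
        state=$(classify_mail_dir "$d")
        printf '%s\t%s\n' "$state" "$d"
        if [ "$state" = "sticky-world-writable" ]; then
            rc=1
        fi
    done
    return "$rc"
}

# Usage (paths are assumptions; use the directory your Exim transport writes to):
#   audit_mail_dirs /var/mail /var/spool/mail
```

A return status of 1 only says the directory mode matches; whether Exim actually delivers into that directory depends on the local transport configuration.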

Dan Rosenberg discovered that Exim incorrectly handled MBX locking. If Exim were configured to use MBX locking, a local user could use this flaw to cause a denial of service or possibly gain privileges. This issue only applied to Ubuntu 6.06 LTS, 8.04 LTS, 9.10, and 10.04 LTS. (CVE-2010-2024)