CVE-2016-1531

EUVD-2016-2626
Exim before 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_startup argument.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7 HIGH
LOCAL
HIGH
LOW
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 97%
Affected Products (NVD)
VendorProductVersion
eximexim
𝑥
≤ 4.86
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
exim4
bookworm
4.96-15+deb12u5
fixed
bookworm (security)
4.96-15+deb12u5
fixed
bullseye
4.94.2-7+deb11u3
fixed
bullseye (security)
4.94.2-7+deb11u4
fixed
sid
4.98-2
fixed
trixie
4.98-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
exim4
precise
Fixed 4.76-3ubuntu3.3
released
trusty
Fixed 4.82-3ubuntu2.1
released
wily
Fixed 4.86-3ubuntu1.1
released
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00026.html
http://packetstormsecurity.com/files/136124/Exim-4.84-3-Local-Root-Privilege-Escalation.html
http://www.debian.org/security/2016/dsa-3517
http://www.exim.org/static/doc/CVE-2016-1531.txt
http://www.rapid7.com/db/modules/exploit/unix/local/exim_perl_startup
http://www.securitytracker.com/id/1035512
http://www.ubuntu.com/usn/USN-2933-1
https://www.exploit-db.com/exploits/39535/
https://www.exploit-db.com/exploits/39549/
https://www.exploit-db.com/exploits/39702/
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00026.html
http://packetstormsecurity.com/files/136124/Exim-4.84-3-Local-Root-Privilege-Escalation.html
http://www.debian.org/security/2016/dsa-3517
http://www.exim.org/static/doc/CVE-2016-1531.txt
http://www.rapid7.com/db/modules/exploit/unix/local/exim_perl_startup
http://www.securitytracker.com/id/1035512
http://www.ubuntu.com/usn/USN-2933-1
https://www.exploit-db.com/exploits/39535/
https://www.exploit-db.com/exploits/39549/
https://www.exploit-db.com/exploits/39702/