In association with heise online

01 February 2011, 12:04

Exim update closes vulnerability

The Exim developers have released version 4.74 of their message transfer agent (MTA), a maintenance and security update that addresses a privilege escalation vulnerability. The problem, which could allow attackers to gain root privileges, is caused by the "open_log()" function failing to check a return value before creating log files. As a result, an attacker who already holds the privileges of the Exim "run-time" user could append malicious content to arbitrary files with root privileges. Versions up to and including Exim 4.73 are reportedly affected. All users are encouraged to upgrade to the latest release.
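The bug class described above, as an added example that is not Exim's code: the flawed function opens the log file even when the preceding call fails, the hardened one refuses. The article does not name the call whose return value went unchecked, so this sketch assumes it is the privilege drop (setgid/setuid) done before the file is opened; the `set_id_fn` hooks, the function names, the failing stub and the file path are hypothetical and exist so that a failed drop can be simulated.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical hook type: lets a failing privilege drop be simulated. */
typedef int (*set_id_fn)(unsigned int id);

int real_setgid(unsigned int id) { return setgid((gid_t)id); }
int real_setuid(unsigned int id) { return setuid((uid_t)id); }
/* Stub that behaves like setgid()/setuid() failing, here with EAGAIN. */
int failing_setid(unsigned int id) { (void)id; errno = EAGAIN; return -1; }

/* Flawed pattern: the results of the drop are ignored, so after a failed
 * drop the file is still created or appended to with the original identity. */
int open_log_unchecked(const char *path, unsigned int uid, unsigned int gid,
                       set_id_fn set_gid, set_id_fn set_uid)
{
    (void)set_gid(gid);
    (void)set_uid(uid);
    return open(path, O_WRONLY | O_APPEND | O_CREAT, 0640);
}

/* Hardened pattern: fail closed if either call fails, and confirm the
 * effective IDs are the requested ones before touching the file system. */
int open_log_checked(const char *path, unsigned int uid, unsigned int gid,
                     set_id_fn set_gid, set_id_fn set_uid)
{
    if (set_gid(gid) != 0 || set_uid(uid) != 0)
        return -1;                  /* drop failed: create nothing */
    if (getegid() != (gid_t)gid || geteuid() != (uid_t)uid)
        return -1;                  /* drop reported success but did not take effect */
    return open(path, O_WRONLY | O_APPEND | O_CREAT, 0640);
}

int main(void)
{
    const char *path = "/tmp/added_example_checked.log"; /* constructed path */
    int fd = open_log_checked(path, getuid(), getgid(), failing_setid, failing_setid);
    printf("checked open after failed drop: %s\n", fd < 0 ? "refused" : "opened");
    return 0;
}
```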

More details about the update can be found in the mailing list release announcement and in the change log. Version 4.74 of Exim is available to download from one of the project's mirrors. Exim is licensed under the terms of the GPL.

(crve)

Permalink: http://h-online.com/-1181606