Exim update closes vulnerability
The Exim developers have released version 4.74 of their message transfer agent (MTA), a maintenance and security update that addresses a privilege escalation vulnerability. The problem, which could allow attackers to gain root privileges, is caused by an error in the "open_log()" function that does not check a return value before creating log files. This could allow an attacker with "run-time" user privileges to append malicious content to arbitrary files with root privileges. Versions up to and including Exim 4.73 are reportedly affected. All users are encouraged to upgrade to the latest release.
More details about the update can be found in the mailing list release announcement and in the change log. Version 4.74 of Exim is available to download from one of the project's mirrors. Exim is licensed under the terms of the GPL.
See also:
- Exim Log File Creation Permissions Privilege Escalation Vulnerability, security advisory form Vupen.
(crve)