Description: Debian Lenny comes with exim 4.69 by default , the service have different vulnerabilities
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4344
To solve this problem there are updates available
However also the latest version have some problem with privilege escalation
http://www.cpanel.net/2010/12/critical-exim-security-update.html
Upgrading to the latest version it will solve temporary this issue but it may still have some other local bugs
Exim ALT_CONFIG_ROOT_ONLY 'exim' User Local Privilege Escalation Vulnerability vas found on
4.72 version
There are also updates available
http://www.securityfocus.com/bid/45341/solution
However it is possible to solve the privilege escalation by compiling the latest version with the option ALT_CONFIG_ROOT_ONLY
Check for updates !
Tags: exim , local privilege escalation ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.