Download
| Alert*
|
oval:org.secpod.oval:def:600545
A design flaw in exim4 allowed the loal Debian-exim user to obtain root privileges by specifying an alternate configuration file using the -C option or by using the macro override facility . Unfortunately, fixing this vulnerability is not possible without some changes in exim4"s behvaviour. If you ... oval:org.secpod.oval:def:700224 It was discovered that Exim contained a design flaw in the way it processed alternate configuration files. An attacker that obtained privileges of the "Debian-exim" user could use an alternate configuration file to obtain root privileges. It was discovered that Exim incorrectly handled ce ... oval:org.secpod.oval:def:600175 The updated packages from DSA-2154-1 introduced a regression which prevented unprivileged users from using "exim4 -bf" to test filter configurations. This update fixes this problem. Please also read the information provided in DSA-2154-1 if you have not done so already. |
