SuSE Update For Exim SUSE-SA:2010:059 Network Vulnerability

Impact

remote code execution

Solution

Please Install the Updated Packages.

Insight

The unprivileged user exim is running as could tell the exim daemon to read a different config file and leverage that to escalate privileges to root CVE-2010-4345. A buffer overflow in exim allowed remote attackers to execute arbitrary code CVE-2010-4344. openSUSE 11.3 is not affected by this flaw.

Affected

exim on openSUSE 11.1, openSUSE 11.2

References

http://www.novell.com/linux/security/advisories/2010_59_exim.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-4344, CVE-2010-4345

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

SLES10: Security update for DHCP
SLES10: Security update for Java Struts
SLES10: Security update for compat-curl2
SLES10: Security update for Cyrus IMAPD
SLES10: Security update for OpenEXR

SuSE Update for exim SUSE-SA:2010:059

Take action and discover your vulnerabilities