Oval Definition:	oval:org.mitre.oval:def:13736
Revision Date: 2014-06-30 Version: 20 Title: USN-1060-1 -- exim4 vulnerabilities Description: It was discovered that Exim contained a design flaw in the way it processed alternate configuration files. An attacker that obtained privileges of the "Debian-exim" user could use an alternate configuration file to obtain root privileges. It was discovered that Exim incorrectly handled certain return values when handling logging. A local attacker could use this flaw to obtain root privileges. Dan Rosenberg discovered that Exim incorrectly handled writable sticky-bit mail directories. If Exim were configured in this manner, a local user could use this flaw to cause a denial of service or possibly gain privileges. This issue only applied to Ubuntu 6.06 LTS, 8.04 LTS, 9.10, and 10.04 LTS. Dan Rosenberg discovered that Exim incorrectly handled MBX locking. If Exim were configured in this manner, a local user could use this flaw to cause a denial of service or possibly gain privileges. This issue only applied to Ubuntu 6.06 LTS, 8.04 LTS, 9.10, and 10.04 LTS Family: unix Class: patch Status: ACCEPTED Reference(s): CVE-2010-2023 CVE-2010-2024 CVE-2010-4345 CVE-2011-0017 USN-1060-1 USN-1060-1 Platform(s): Ubuntu 10.04 Ubuntu 10.10 Ubuntu 6.06 Ubuntu 8.04 Ubuntu 9.10 Product(s): exim4 Definition Synopsis Release section Ubuntu 8.04 is installed AND Architecture section Architecture independent section Installed architecture is all AND Packages section exim4 DPKG is earlier than 4.69-2ubuntu0.3 OR exim4-config DPKG is earlier than 4.69-2ubuntu0.3 OR Architecture depended section Supported architectures section Installed architecture is amd64 OR Installed architecture is i386 OR Installed architecture is powerpc OR Installed architecture is sparc OR Installed architecture is lpia AND Packages section exim4-dbg DPKG is earlier than 4.69-2ubuntu0.3 OR eximon4 DPKG is earlier than 4.69-2ubuntu0.3 OR exim4-daemon-heavy-dbg DPKG is earlier than 4.69-2ubuntu0.3 OR exim4-base DPKG is earlier than 4.69-2ubuntu0.3 OR exim4-daemon-heavy DPKG is earlier than 4.69-2ubuntu0.3 OR exim4-dev DPKG is earlier than 4.69-2ubuntu0.3 OR exim4-daemon-light-dbg DPKG is earlier than 4.69-2ubuntu0.3 OR exim4-daemon-light DPKG is earlier than 4.69-2ubuntu0.3 OR Release section Ubuntu 10.10 is installed AND Architecture section Architecture independent section Installed architecture is all AND Packages section exim4 DPKG is earlier than 4.72-1ubuntu1.1 OR exim4-config DPKG is earlier than 4.72-1ubuntu1.1 OR Architecture depended section Supported architectures section Installed architecture is powerpc OR Installed architecture is armel OR Installed architecture is amd64 OR Installed architecture is i386 AND Packages section exim4-dev DPKG is earlier than 4.72-1ubuntu1.1 OR eximon4 DPKG is earlier than 4.72-1ubuntu1.1 OR exim4-daemon-heavy-dbg DPKG is earlier than 4.72-1ubuntu1.1 OR exim4-daemon-light DPKG is earlier than 4.72-1ubuntu1.1 OR exim4-daemon-heavy DPKG is earlier than 4.72-1ubuntu1.1 OR exim4-dbg DPKG is earlier than 4.72-1ubuntu1.1 OR exim4-daemon-light-dbg DPKG is earlier than 4.72-1ubuntu1.1 OR exim4-base DPKG is earlier than 4.72-1ubuntu1.1 OR Release section Ubuntu 10.04 is installed AND Architecture section Architecture independent section Installed architecture is all AND Packages section exim4 DPKG is earlier than 4.71-3ubuntu1.1 OR exim4-config DPKG is earlier than 4.71-3ubuntu1.1 OR Architecture depended section Supported architectures section Installed architecture is amd64 OR Installed architecture is i386 OR Installed architecture is powerpc OR Installed architecture is sparc OR Installed architecture is armel AND Packages section exim4-dbg DPKG is earlier than 4.71-3ubuntu1.1 OR eximon4 DPKG is earlier than 4.71-3ubuntu1.1 OR exim4-daemon-heavy-dbg DPKG is earlier than 4.71-3ubuntu1.1 OR exim4-base DPKG is earlier than 4.71-3ubuntu1.1 OR exim4-daemon-heavy DPKG is earlier than 4.71-3ubuntu1.1 OR exim4-dev DPKG is earlier than 4.71-3ubuntu1.1 OR exim4-daemon-light-dbg DPKG is earlier than 4.71-3ubuntu1.1 OR exim4-daemon-light DPKG is earlier than 4.71-3ubuntu1.1 OR Release section Ubuntu 9.10 is installed AND Architecture section Architecture independent section Installed architecture is all AND Packages section exim4 DPKG is earlier than 4.69-11ubuntu4.2 OR exim4-config DPKG is earlier than 4.69-11ubuntu4.2 OR Architecture depended section Supported architectures section Installed architecture is amd64 OR Installed architecture is sparc OR Installed architecture is powerpc OR Installed architecture is i386 OR Installed architecture is armel OR Installed architecture is lpia AND Packages section exim4-dev DPKG is earlier than 4.69-11ubuntu4.2 OR eximon4 DPKG is earlier than 4.69-11ubuntu4.2 OR exim4-daemon-heavy-dbg DPKG is earlier than 4.69-11ubuntu4.2 OR exim4-daemon-light DPKG is earlier than 4.69-11ubuntu4.2 OR exim4-daemon-heavy DPKG is earlier than 4.69-11ubuntu4.2 OR exim4-dbg DPKG is earlier than 4.69-11ubuntu4.2 OR exim4-daemon-light-dbg DPKG is earlier than 4.69-11ubuntu4.2 OR exim4-base DPKG is earlier than 4.69-11ubuntu4.2 OR Release section Ubuntu 6.06 is installed AND Architecture section Architecture independent section Installed architecture is all AND Packages section exim4 DPKG is earlier than 4.60-3ubuntu3.3 OR exim4-config DPKG is earlier than 4.60-3ubuntu3.3 OR Architecture depended section Supported architectures section Installed architecture is sparc OR Installed architecture is powerpc OR Installed architecture is amd64 OR Installed architecture is i386 AND Packages section exim4-daemon-heavy DPKG is earlier than 4.60-3ubuntu3.3 OR eximon4 DPKG is earlier than 4.60-3ubuntu3.3 OR exim4-base DPKG is earlier than 4.60-3ubuntu3.3 OR exim4-daemon-light DPKG is earlier than 4.60-3ubuntu3.3
BACK