Vulnerability Name:

CVE-2016-1531 (CCN-111281)

Assigned:2016-03-03
Published:2016-03-03
Updated:2017-09-08
Summary:Exim before 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_startup argument.
CVSS v3 Severity:7.0 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availability (A): High
7.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
7.2 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity:6.9 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
6.8 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type:CWE-264
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2016-1531

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2016:0721

Source: MISC
Type: Exploit
http://packetstormsecurity.com/files/136124/Exim-4.84-3-Local-Root-Privilege-Escalation.html

Source: CCN
Type: Full-Disclosure Mailing List, Thu, 10 Mar 2016 14:20:53 -0300
Exim < 4.86.2 Local Root Privilege Escalation

Source: CCN
Type: oss-sec Mailing List, Thu, 3 Mar 2016 10:09:27 +0100
Exim CVE-2016-1531 fixed

Source: DEBIAN
Type: UNKNOWN
DSA-3517

Source: CONFIRM
Type: Third Party Advisory, US Government Resource
http://www.exim.org/static/doc/CVE-2016-1531.txt

Source: MISC
Type: UNKNOWN
http://www.rapid7.com/db/modules/exploit/unix/local/exim_perl_startup

Source: SECTRACK
Type: UNKNOWN
1035512

Source: UBUNTU
Type: UNKNOWN
USN-2933-1

Source: CCN
Type: Red Hat Bugzilla – Bug 1314293
(CVE-2016-1531) CVE-2016-1531 exim: Local privilege escalation for set-uid root exim when using perl_startup

Source: XF
Type: UNKNOWN
exim-cve20161531-priv-esc(111281)

Source: CCN
Type: exim Web site
[exim] Security release for CVE-2016-1531: 4.84.2, 4.85.2, 4.86.2, 4.87 RC5

Source: CCN
Type: Packet Storm Security [03-08-2016]
Exim 4.84-3 Local Root / Privilege Escalation

Source: CCN
Type: Packet Storm Security [03-10-2016]
Exim Local Privilege Escalation

Source: CCN
Type: Packet Storm Security [04-14-2016]
Exim perl_startup Privilege Escalation

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [03-09-2016]

Source: EXPLOIT-DB
Type: Exploit
39535

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [03-10-2016]

Source: EXPLOIT-DB
Type: UNKNOWN
39549

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [04-15-2016]

Source: EXPLOIT-DB
Type: UNKNOWN
39702

Vulnerable Configuration:Configuration 1:
  • cpe:/a:exim:exim:*:*:*:*:*:*:*:* (Version <= 4.86)

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.opensuse.security:def:20161531 | V | CVE-2016-1531 | 2022-06-30
    oval:org.opensuse.security:def:112206 | P | exim-4.86.2-2.2 on GA media (Moderate) | 2022-01-17
    oval:org.opensuse.security:def:105737 | P | exim-4.86.2-2.2 on GA media (Moderate) | 2021-10-01
    oval:org.cisecurity:def:574 | P | DSA-3517-1 -- exim4 -- security update | 2016-07-01
    oval:com.ubuntu.precise:def:20161531000 | V | CVE-2016-1531 on Ubuntu 12.04 LTS (precise) - medium. | 2016-04-07
    oval:com.ubuntu.trusty:def:20161531000 | V | CVE-2016-1531 on Ubuntu 14.04 LTS (trusty) - medium. | 2016-04-07