Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-1531Untrusted Search Path in Exim

CWE-264CWE-426Untrusted Search Path14 documents9 sources
Severity
7.0HIGHNVD
OSV4.6
EPSS
56.8%
top 1.86%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Debian Exim4Exim
Timeline
PublishedApr 7
Latest updateMay 17

Description

Exim before 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_startup argument.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages2 packages

debiandebian/exim4< exim4 4.86.2-1 (bookworm)
NVDexim/exim4.86

🔴Vulnerability Details

3
GHSA
GHSA-qqgw-xrxj-r5fc: Exim before 42022-05-17
OSV
CVE-2016-1531: Exim before 42016-04-07
OSV
exim4 vulnerabilities2016-03-15

💥Exploits & PoCs

3
Exploit-DB
Exim - 'perl_startup' Local Privilege Escalation (Metasploit)2016-04-15
Exploit-DB
Exim < 4.86.2 - Local Privilege Escalation2016-03-10
Exploit-DB
Exim 4.84-3 - Local Privilege Escalation2016-03-09

📋Vendor Advisories

3
Ubuntu
Exim vulnerabilities2016-03-15
Red Hat
exim: local root privilege escalation for configurations with perl_startup2016-03-02
Debian
CVE-2016-1531: exim4 - Exim before 4.86.2, when installed setuid root, allows local users to gain privi...2016

📄Research Papers

1
CTF
LinuxPrivEsc / README

💬Community

3
Bugzilla
CVE-2016-1531 exim: Local privilege escalation for set-uid root exim when using perl_startup [epel-all]2016-03-03
Bugzilla
CVE-2016-1531 exim: local root privilege escalation for configurations with perl_startup2016-03-03
Bugzilla
CVE-2016-1531 exim: Local privilege escalation for set-uid root exim when using perl_startup [fedora-all]2016-03-03