CVE-2017-1000369
Published 2017-06-19
CVE-2017-1000369: Exim supports the use of multiple "-p" command line arguments which are malloc()'ed and never free()'ed, used in conjunction with other issues allows attackers…
Priority: P4 · 18 · medium · 4 (CVSS 3.1)
CVSS vector: AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS: 0.53% (40.7th percentile)
Exim supports the use of multiple "-p" command line arguments, which are malloc()'ed and never free()'ed; used in conjunction with other issues, this allows attackers to cause arbitrary code execution. This affects exim version 4.89 and earlier. Please note that at this time upstream has released a patch (commit 65e061b76867a9ea7aeeb535341b790b90ae6c21), but it is not known if a new point release is available that addresses this issue at this time.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | exim4 | < exim4 4.89-3 (bookworm) | exim4 4.89-3 (bookworm) |
| exim | exim | <= 4.87.1 | — |
| exim | exim | — | — |
| exim | exim | — | — |
CVSS provenance
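| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.0 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
| nvd | v2.0 | 2.1 | LOW | AV:L/AC:L/Au:N/C:N/I:P/A:N |
| osv | — | 4.0 | MEDIUM | — |
| vendor_debian | — | 4.0 | MEDIUM | — |
| vendor_redhat | — | 4.0 | MEDIUM | — |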
Ubuntu
Exim vulnerability
vendor_ubuntu·2017-06-19
Title: Exim vulnerability
Summary: Exim could be made to run programs as an administrator.
It was discovered that Exim did not properly deallocate memory when
processing certain command line arguments. A local attacker could use this
in conjunction with a vulnerability in the underlying kernel to possibly
execute arbitrary code and gain administrative privileges.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
Exim: Privilege escalation via multiple memory leaks
vendor_redhat·2017-06-19·CVSS 4.0
Exim supports the use of multiple "-p" command line arguments, which are malloc()'ed and never free()'ed; used in conjunction with other issues, this allows attackers to cause arbitrary code execution. This affects exim version 4.89 and earlier. Please note that at this time upstream has released a patch (commit 65e061b76867a9ea7aeeb535341b790b90ae6c21), but it is not known if a new point release is available that addresses this issue at this time.
Statement: Exim itself is not vulnerable to privilege escalation, but this particular flaw in exim can be used by the stackguard vulnerability (https://access.redhat.com/security/vulnerabilities/stackguard) to achieve privilege escalation.
Package: exim (Red Hat Enterprise Linux 5) - Will not fix
Debian
CVE-2017-1000369: exim4 - Exim supports the use of multiple "-p" command line arguments which are malloc()...
vendor_debian·2017·CVSS 4.0
Exim supports the use of multiple "-p" command line arguments, which are malloc()'ed and never free()'ed; used in conjunction with other issues, this allows attackers to cause arbitrary code execution. This affects exim version 4.89 and earlier. Please note that at this time upstream has released a patch (commit 65e061b76867a9ea7aeeb535341b790b90ae6c21), but it is not known if a new point release is available that addresses this issue at this time.
Scope: local
bookworm: resolved (fixed in 4.89-3)
bullseye: resolved (fixed in 4.89-3)
forky: resolved (fixed in 4.89-3)
sid: resolved (fixed in 4.89-3)
trixie: resolved (fixed in 4.89-3)
GHSA
GHSA-wrh8-mmqh-q688: Exim supports the use of multiple "-p" command line arguments which are malloc()'ed and never free()'ed, used in conjunction with other issues allows
ghsa_unreviewed·2022-05-13
CVE-2017-1000369 [MEDIUM] CWE-404
Exim supports the use of multiple "-p" command line arguments, which are malloc()'ed and never free()'ed; used in conjunction with other issues, this allows attackers to cause arbitrary code execution. This affects exim version 4.89 and earlier. Please note that at this time upstream has released a patch (commit 65e061b76867a9ea7aeeb535341b790b90ae6c21), but it is not known if a new point release is available that addresses this issue at this time.
OSV
CVE-2017-1000369: Exim supports the use of multiple "-p" command line arguments which are malloc()'ed and never free()'ed, used in conjunction with other issues allows
osv·2017-06-19·CVSS 4.0
Exim supports the use of multiple "-p" command line arguments, which are malloc()'ed and never free()'ed; used in conjunction with other issues, this allows attackers to cause arbitrary code execution. This affects exim version 4.89 and earlier. Please note that at this time upstream has released a patch (commit 65e061b76867a9ea7aeeb535341b790b90ae6c21), but it is not known if a new point release is available that addresses this issue at this time.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2017-1000369 Exim: Privilege escalation via multiple memory leaks [fedora-all]
bugzilla·2017-06-21·CVSS 4.0
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported version
Bugzilla
CVE-2017-1000369 Exim: Privilege escalation via multiple memory leaks [epel-7]
bugzilla·2017-06-21·CVSS 4.0
Bugzilla
CVE-2017-1000369 Exim: Privilege escalation via multiple memory leaks [epel-6]
bugzilla·2017-06-21·CVSS 4.0
Bugzilla
CVE-2017-1000369 Exim: Privilege escalation via multiple memory leaks
bugzilla·2017-06-01·CVSS 4.0
Several memory leak flaws were found in Exim. A local attacker who has access to run the exim binary could use this flaw to escalate his privilege to root.
Discussion:
Created attachment 1284052
Upstream proposed patch
---
Upstream commit:
https://github.com/Exim/exim/commit/65e061b76867a9ea7aeeb535341b790b90ae6c21
---
Statement:
Exim itself is not vulnerable to privilege escalation, but this particular flaw in exim can be used by the stackguard vulnerability (https://access.redhat.com/security/vulnerabilities/stackguard) to achieve privilege escalation.
---
Created exim tracking bugs for this issue:
Affects: fedora-all [bug 1463539]
Affects: epel-6 [bug 1463540]
Affects: epel-7 [bug 1463541]
http://www.debian.org/security/2017/dsa-3888
http://www.securityfocus.com/bid/99252
http://www.securitytracker.com/id/1038779
https://access.redhat.com/security/cve/CVE-2017-1000369
https://github.com/Exim/exim/commit/65e061b76867a9ea7aeeb535341b790b90ae6c21
https://security.gentoo.org/glsa/201709-19
https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
Published: 2017-06-19