CVE-2021-27216
Published 2021-05-06
Priority P4 · medium · CVSS 3.1 base score 6.3
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
EPSS: 0.98% (57.9th percentile)
Exim 4 before 4.94.2 has Execution with Unnecessary Privileges. By leveraging a delete_pid_file race condition, a local user can delete arbitrary files as root. This involves the -oP and -oPX options.
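The description names the mechanism without showing it: a root process that checks a pid file by path and then unlinks it by path can be raced by a local user who controls part of that path (in Exim, -oP names the pid file and -oPX requests its removal). The C program below is an added example, not Exim's delete_pid_file() and not the 4.94.2 fix; the function names delete_pid_file_racy and delete_pid_file_safe, the temporary-directory fixture under /tmp and the swap_dir hook that plays the attacker are all constructed here for illustration. It puts the racy check-then-unlink pattern beside a hardened variant that opens the directory once with O_NOFOLLOW, refuses a directory the caller does not own or that others can write to, validates the file through a file descriptor, and unlinks relative to that directory descriptor.

```c
/* Added example, not Exim's code: a racy check-then-unlink pid-file deletion
 * beside a hardened variant. Fixture dirs and the race hook are constructed. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

typedef void (*race_hook_fn)(void);        /* stands in for the attacker */
static long read_pid_fd(int fd)            /* pid text -> number, -1 if empty */
{
    char buf[32];
    ssize_t n = read(fd, buf, sizeof buf - 1);
    if (n <= 0) return -1;
    buf[n] = '\0'; return strtol(buf, NULL, 10);
}

/* Vulnerable: every step resolves the path afresh, so a directory component
 * the attacker controls can be repointed between the check and unlink(). */
int delete_pid_file_racy(const char *path, long want, race_hook_fn hook)
{
    struct stat st; int fd;
    if (stat(path, &st) != 0 || !S_ISREG(st.st_mode)) return -1;
    if ((fd = open(path, O_RDONLY)) < 0) return -1;
    long pid = read_pid_fd(fd); close(fd);
    if (pid != want) return -1;
    if (hook) hook();                      /* the race window */
    return unlink(path);                   /* re-resolves the path: TOCTOU */
}

/* Hardened: pin the directory (no symlink, owned by us, not writable by
 * others), verify the file through an O_NOFOLLOW fd, unlink relative to dfd. */
int delete_pid_file_safe(const char *dir, const char *name, long want,
                         race_hook_fn hook)
{
    int rc = -1, fd = -1, dfd; struct stat dst, fst;
    if (strchr(name, '/')) return -1;      /* bare filename only */
    dfd = open(dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (dfd < 0) return -1;                /* a symlinked directory fails here */
    if (fstat(dfd, &dst) != 0 || dst.st_uid != geteuid() ||
        (dst.st_mode & (S_IWGRP | S_IWOTH))) goto out;
    fd = openat(dfd, name, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) goto out;                  /* a symlinked file fails here */
    if (fstat(fd, &fst) != 0 || !S_ISREG(fst.st_mode) || fst.st_nlink != 1 ||
        fst.st_uid != geteuid() || read_pid_fd(fd) != want) goto out;
    if (hook) hook();                      /* same window, but dfd is pinned */
    rc = unlinkat(dfd, name, 0);           /* only this directory's entry */
out:
    if (fd >= 0) close(fd);
    close(dfd); return rc;
}

/* Constructed fixture in a fresh temp dir that becomes the cwd: real/exim.pid
 * holds our pid, victim/exim.pid is the attacker's target, cur -> real. */
static char work[] = "/tmp/pidrace.XXXXXX";
static void put(const char *p, const char *s)
{ FILE *f = fopen(p, "w"); if (f) { fputs(s, f); fclose(f); } }
static int exists(const char *p) { return access(p, F_OK) == 0; }

int fixture_create(void)
{
    char pid[16]; snprintf(pid, sizeof pid, "%ld\n", (long)getpid());
    strcpy(work, "/tmp/pidrace.XXXXXX");
    if (!mkdtemp(work) || chdir(work) != 0) return -1;
    if (mkdir("real", 0700) != 0 || mkdir("victim", 0700) != 0) return -1;
    put("real/exim.pid", pid); put("victim/exim.pid", "victim\n");
    return symlink("real", "cur");
}

static void fixture_destroy(void)
{ unlink("real/exim.pid"); unlink("victim/exim.pid"); unlink("cur");
  rmdir("real"); rmdir("victim"); if (chdir("/") == 0) rmdir(work); }
static void swap_dir(void)                 /* attacker: repoint cur at victim */
{ unlink("cur"); symlink("victim", "cur"); }

/* mode 0: racy code, attacker repoints cur in the window -> victim deleted.
 * mode 1: hardened code on the symlinked dir, same attacker -> refused.
 * mode 2: hardened code on the real dir, no attacker -> own pid file deleted.
 * Returns 1 if the run matched that outcome, 0 if not, -1 on setup error. */
int scenario(int mode)
{
    long me = (long)getpid(); int ok;
    if (fixture_create() != 0) return -1;
    if (mode == 0)
        ok = delete_pid_file_racy("cur/exim.pid", me, swap_dir) == 0
             && !exists("victim/exim.pid") && exists("real/exim.pid");
    else if (mode == 1)
        ok = delete_pid_file_safe("cur", "exim.pid", me, swap_dir) == -1
             && exists("victim/exim.pid") && exists("real/exim.pid");
    else
        ok = delete_pid_file_safe("real", "exim.pid", me, NULL) == 0
             && !exists("real/exim.pid") && exists("victim/exim.pid");
    fixture_destroy();
    return ok;
}
int main(void)
{ return printf("%d %d %d\n", scenario(0), scenario(1), scenario(2)) < 0; }
```

Build with `cc -Wall pidrace.c && ./a.out`; it prints `1 1 1`: the racy code deletes the victim's file after the directory symlink is repointed, the hardened code refuses the symlinked directory outright, and the hardened code still removes its own pid file from a private directory. The hardened variant keeps a small window between fstat() and unlinkat(), but because the directory has been verified as owned by the caller and not writable by others, an unprivileged user has no way to swap the entry inside that window. The operational rule is the same one the CVE illustrates: a root process must never delete a file at a location an untrusted local user can influence.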
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | exim4 | < exim4 4.94.2-1 (bookworm) | exim4 4.94.2-1 (bookworm) |
| exim | exim | < 4.94.2 | 4.94.2 |
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| NVD (CVSS v3.1) | 6.3 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H |
| NVD (CVSS v2.0) | 6.3 | MEDIUM | AV:L/AC:M/Au:N/C:N/I:C/A:C |
| OSV | 6.3 | MEDIUM | |
| vendor_ubuntu | 9.8 | CRITICAL | |
| vendor_oracle | 7.8 | HIGH | |
| vendor_debian | 6.3 | MEDIUM | |
The two outliers are not ratings of this CVE: the Ubuntu score is the headline figure of a USN that fixed several Exim issues at once, and the Oracle entries indexed on this page refer to CVE-2020-27216 (Eclipse Jetty). For CVE-2021-27216 itself the consistent rating is 6.3: local access, high attack complexity, low privileges required, high integrity and availability impact.
GHSA
GHSA-3gw6-8wwv-rhr2 · ghsa_unreviewed · 2022-05-24 · CVE-2021-27216 [MEDIUM] · CWE-269
Description identical to the NVD text above.
OSV
CVE-2021-27216 · osv · 2021-05-06 · CVSS 6.3 [MEDIUM]
Description identical to the NVD text above.
Oracle
Oracle JD Edwards Risk Matrix: Installation (Eclipse Jetty) · vendor_oracle · 2021-10-15 · CVSS 7.0 [HIGH] · Advisory cpuoct2021 (OCT 2021) · Protocol: None · Remote exploit: No · Affected versions: Local
Oracle
Oracle Communications Applications Risk Matrix: CN OCOMC (Eclipse Jetty) · vendor_oracle · 2021-07-15 · CVSS 7.8 [HIGH] · Advisory cpujul2021 (JUL 2021) · Protocol: None · Remote exploit: No · Affected versions: Local
Both entries are for CVE-2020-27216 (Eclipse Jetty), not for CVE-2021-27216, and say nothing about Exim.
Ubuntu
Exim vulnerabilities · vendor_ubuntu · 2021-05-06 · CVSS 9.8 · indexed under CVE-2020-28011 [CRITICAL]
Summary: Several security issues were fixed in Exim.
USN-4934-1 fixed several vulnerabilities in Exim. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. CVE-2020-28026 only affected Ubuntu 16.04 ESM.
Original advisory details: It was discovered that Exim contained multiple security issues. An attacker could use these issues to cause a denial of service, execute arbitrary code remotely, obtain sensitive information, or escalate local privileges.
Instructions: In general, a standard system update will make all the necessary changes.
Ubuntu
Exim vulnerabilities · vendor_ubuntu · 2021-05-04 · indexed under CVE-2020-28022
Summary: Several security issues were fixed in Exim.
It was discovered that Exim contained multiple security issues. An attacker could use these issues to cause a denial of service, execute arbitrary code remotely, obtain sensitive information, or escalate local privileges.
Instructions: In general, a standard system update will make all the necessary changes.
Oracle
Oracle Communications Risk Matrix: Core (Eclipse Jetty) · vendor_oracle · 2021-01-15 · CVSS 7.8 [HIGH] · Advisory cpujan2021 (JAN 2021) · Protocol: None · Remote exploit: No · Affected versions: Local
This entry is for CVE-2020-27216 (Eclipse Jetty), not for CVE-2021-27216, and says nothing about Exim.
Debian
CVE-2021-27216: exim4 · vendor_debian · 2021 · CVSS 6.3 [MEDIUM]
Description identical to the NVD text above.
Scope: local
bookworm: resolved (fixed in 4.94.2-1)
bullseye: resolved (fixed in 4.94.2-1)
forky: resolved (fixed in 4.94.2-1)
sid: resolved (fixed in 4.94.2-1)
trixie: resolved (fixed in 4.94.2-1)
No detection rules found.
No public exploits indexed.
Qualys
21Nails: Multiple Critical Vulnerabilities in Exim Mail Server · blogs_qualys · 2021-05-04
## Table of Contents
About Exim
Exim Vulnerabilities
Proof of Concept
Vulnerability Summary
Technical Details
Qualys Coverage
Discover Vulnerable Exim Servers Using Qualys VMDR
Dashboard
Free 30-Day VMDR Service
Disclosure Timeline
Vendor References
Frequently Asked Questions (FAQs)
Update May 7, 2021: Exim has released a security update to address multiple vulnerabilities in Exim versions prior to 4.94.2. See the CISA announcement.
Original Post: The Qualys Research Team has discovered multiple critical vulnerabilities in the Exim mail server, some of which can be chained together to obtain full remote unauthenticated code execution and gain root privileges. Qualys recommends that security teams apply patches for these vulnerabilities as soon as possible.