Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. The -oP option is available to the exim user, and allows a denial of service because root-owned files can be overwritten.
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Exim | Exim | 4.00 (including) | 4.94.2 (excluding) |
Exim4 | Ubuntu | bionic | * |
Exim4 | Ubuntu | devel | * |
Exim4 | Ubuntu | esm-infra/xenial | * |
Exim4 | Ubuntu | focal | * |
Exim4 | Ubuntu | groovy | * |
Exim4 | Ubuntu | hirsute | * |
Exim4 | Ubuntu | impish | * |
Exim4 | Ubuntu | jammy | * |
Exim4 | Ubuntu | trusty | * |
Exim4 | Ubuntu | trusty/esm | * |
Exim4 | Ubuntu | xenial | * |