sa-exim Unauthorized File Access Vulnerability
BID:17110
Info
| Bugtraq ID: | 17110 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 14 2006 12:00AM |
| Updated: | Mar 16 2006 09:35AM |
| Credit: | Chris Morris is credited with the discovery of this vulnerability. |
| Vulnerable: | sa-exim sa-exim 4.2, sa-exim sa-exim 4.1, sa-exim sa-exim 4.0 |
| Not Vulnerable: | sa-exim sa-exim 4.2.1 |
Discussion
The 'sa-exim' utility is prone to an unauthorized file-access vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker can exploit this issue to delete arbitrary files in the context of the user running the affected application.
Exploit / POC
An attacker must create a malicious email designed to leverage this issue and send it to a computer using a vulnerable version of the application.
Solution / Fix
Solution:
The vendor has released an update to address this issue. Please see the referenced vendor advisory for further information.
sa-exim sa-exim 4.1
- sa-exim sa-exim-4.2.1.tar.gz
  http://marc.merlins.org/linux/exim/files/sa-exim-cvs/files/sa-exim-4.2.1.tar.gz
sa-exim sa-exim 4.2
- sa-exim sa-exim-4.2.1.tar.gz
  http://marc.merlins.org/linux/exim/files/sa-exim-cvs/files/sa-exim-4.2.1.tar.gz
sa-exim sa-exim 4.0
- sa-exim sa-exim-4.2.1.tar.gz
  http://marc.merlins.org/linux/exim/files/sa-exim-cvs/files/sa-exim-4.2.1.tar.gz
References
References:
- sa-exim Changelog (sa-exim)
- sa-exim: Potential for deleting arbitrary local files by remote attack (Chris Morris)