CVE-2016-1531

HIGH

Exim <4.86.2 - Privilege Escalation

Title source: llm

Description

Exim before 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_startup argument.

Exploits (5)

exploitdb WORKING POC VERIFIED

by Metasploit · rubylocallinux

https://www.exploit-db.com/exploits/39702

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Dawid Golunski · textlocallinux

https://www.exploit-db.com/exploits/39549

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Hacker Fantastic · bashlocallinux

https://www.exploit-db.com/exploits/39535

View Code ZIP pw:eip

nomisec WORKING POC

by h3x0v3rl0rd · poc

https://github.com/h3x0v3rl0rd/CVE-2016-1531

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

by Dawid Golunski, wvu · rubypocunix

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/local/exim_perl_startup.rb

View Code ZIP pw:eip

References (10)

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00026.html

[Exploit] http://packetstormsecurity.com/files/136124/Exim-4.84-3-Local-Root-Privilege-Escalation.html

[Third Party Advisory, US Government Resource] http://www.exim.org/static/doc/CVE-2016-1531.txt

[Third Party Advisory] http://www.rapid7.com/db/modules/exploit/unix/local/exim_perl_startup

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1035512

[Vendor Advisory] http://www.ubuntu.com/usn/USN-2933-1

[Exploit] https://www.exploit-db.com/exploits/39535/

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/39549/

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/39702/

[Third Party Advisory] http://www.debian.org/security/2016/dsa-3517

Scores

CVSS v3 7.0

EPSS 0.5677

EPSS Percentile 98.1%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-264

Status published

Products (1)

exim/exim < 4.86

Published Apr 07, 2016

Tracked Since Feb 18, 2026