According to the version in its banner, the remote Exim is prone to multiple vulnerabilities.

1. Exim creates temporary files in an insecure manner. An attacker with local access could potentially exploit this issue to perform symbolic-link attacks. Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.
2. Exim is prone to a local privilege-escalation vulnerability. Local attackers can exploit this issue to gain elevated privileges on affected computers.

Versions prior to Exim 4.72 RC2 are vulnerable.
Updates are available; please see the references for more information.
Updated on 2015-03-25
- Quick 'n Easy Mail Server SMTP Request Remote Denial Of Service Vulnerability
- Multiple Vendors STARTTLS Implementation Plaintext Arbitrary Command Injection Vulnerability
- MailEnable SMTP HELO Command Denial of Service Vulnerability
- Sendmail Parsing Redirection DOS
- MailEnable 'MESMTRPC.exe' SMTP Service Multiple Remote Denial of Service Vulnerabilities