CVE-2014-2972

Published: 04 September 2014

expand.c in Exim before 4.83 expands mathematical comparisons twice, which allows local users to gain privileges and execute arbitrary commands via a crafted lookup value.

Priority

Low

Status

| Package | Release | Status |
|---------|---------|--------|
| exim4 | Upstream | Released (4.82.1-2) |
| exim4 | Ubuntu 14.04 ESM (Trusty Tahr) | Released (4.82-3ubuntu2.1) |

Patches:
Upstream: http://git.exim.org/exim.git/commit/7685ce68148a083d7759e78d01aa5198fc099c44
Upstream: http://git.exim.org/exim.git/commit/0de7239e563eff6e83c3e72d7deb9fd26a54a3a7