{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-03-03T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Exim before 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_startup argument."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-07T09:57:01.000Z", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"name": "DSA-3517", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2016/dsa-3517"}, {"name": "39535", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/39535/"}, {"name": "1035512", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1035512"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/136124/Exim-4.84-3-Local-Root-Privilege-Escalation.html"}, {"name": "openSUSE-SU-2016:0721", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00026.html"}, {"name": "39702", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/39702/"}, {"name": "USN-2933-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2933-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.exim.org/static/doc/CVE-2016-1531.txt"}, {"tags": ["x_refsource_MISC"], "url": "http://www.rapid7.com/db/modules/exploit/unix/local/exim_perl_startup"}, {"name": "39549", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/39549/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2016-1531", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Exim before 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_startup argument."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "DSA-3517", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3517"}, {"name": "39535", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/39535/"}, {"name": "1035512", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1035512"}, {"name": "http://packetstormsecurity.com/files/136124/Exim-4.84-3-Local-Root-Privilege-Escalation.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/136124/Exim-4.84-3-Local-Root-Privilege-Escalation.html"}, {"name": "openSUSE-SU-2016:0721", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00026.html"}, {"name": "39702", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/39702/"}, {"name": "USN-2933-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2933-1"}, {"name": "http://www.exim.org/static/doc/CVE-2016-1531.txt", "refsource": "CONFIRM", "url": "http://www.exim.org/static/doc/CVE-2016-1531.txt"}, {"name": "http://www.rapid7.com/db/modules/exploit/unix/local/exim_perl_startup", "refsource": "MISC", "url": "http://www.rapid7.com/db/modules/exploit/unix/local/exim_perl_startup"}, {"name": "39549", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/39549/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T23:02:11.867Z"}, "title": "CVE Program Container", "references": [{"name": "DSA-3517", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2016/dsa-3517"}, {"name": "39535", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/39535/"}, {"name": "1035512", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1035512"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/136124/Exim-4.84-3-Local-Root-Privilege-Escalation.html"}, {"name": "openSUSE-SU-2016:0721", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00026.html"}, {"name": "39702", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/39702/"}, {"name": "USN-2933-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2933-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.exim.org/static/doc/CVE-2016-1531.txt"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.rapid7.com/db/modules/exploit/unix/local/exim_perl_startup"}, {"name": "39549", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/39549/"}]}]}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2016-1531", "datePublished": "2016-04-07T23:00:00.000Z", "dateReserved": "2016-01-07T00:00:00.000Z", "dateUpdated": "2024-08-05T23:02:11.867Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:exim:exim:*:*:*:*:*:*:*:*", "matchCriteriaId": "E87F70CB-408F-4899-905C-238E45B0FDCE", "versionEndIncluding": "4.86", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Exim before 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_startup argument."}, {"lang": "es", "value": "Exim en versiones anteriores a 4.86.2, cuando est\u00e1 instalado setuid root, permite a usuarios locales obtener privilegios a trav\u00e9s del argumento perl_startup."}], "id": "CVE-2016-1531", "lastModified": "2026-05-06T22:30:45.220", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-04-07T23:59:04.847", "references": [{"source": "cret@cert.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00026.html"}, {"source": "cret@cert.org", "tags": ["Exploit"], "url": "http://packetstormsecurity.com/files/136124/Exim-4.84-3-Local-Root-Privilege-Escalation.html"}, {"source": "cret@cert.org", "url": "http://www.debian.org/security/2016/dsa-3517"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.exim.org/static/doc/CVE-2016-1531.txt"}, {"source": "cret@cert.org", "url": "http://www.rapid7.com/db/modules/exploit/unix/local/exim_perl_startup"}, {"source": "cret@cert.org", "url": "http://www.securitytracker.com/id/1035512"}, {"source": "cret@cert.org", "url": "http://www.ubuntu.com/usn/USN-2933-1"}, {"source": "cret@cert.org", "tags": ["Exploit"], "url": "https://www.exploit-db.com/exploits/39535/"}, {"source": "cret@cert.org", "url": "https://www.exploit-db.com/exploits/39549/"}, {"source": "cret@cert.org", "url": "https://www.exploit-db.com/exploits/39702/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00026.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://packetstormsecurity.com/files/136124/Exim-4.84-3-Local-Root-Privilege-Escalation.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2016/dsa-3517"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.exim.org/static/doc/CVE-2016-1531.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.rapid7.com/db/modules/exploit/unix/local/exim_perl_startup"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1035512"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2933-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "https://www.exploit-db.com/exploits/39535/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/39549/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/39702/"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "exim: local root privilege escalation for configurations with perl_startup", "id": "1314293", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1314293"}, "csaw": false, "cvss": {"cvss_base_score": "6.9", "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "status": "draft"}, "cwe": "CWE-426", "details": ["Exim before 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_startup argument."], "name": "CVE-2016-1531", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:4", "fix_state": "Will not fix", "package_name": "exim", "product_name": "Red Hat Enterprise Linux 4"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "exim", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2016-03-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-1531\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1531\nhttp://exim.org/static/doc/CVE-2016-1531.txt"], "statement": "This issue affects the version of exim as shipped with Red Hat Enterprise Linux 4 and 5. However, the default configurations are not affected, as they do not use 'perl_startup' directive.\nRed Hat Enterprise Linux 4 is now in Extended Life Cycle phase of the support and maintenance life cycle, and Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", "threat_severity": "Important"}

{}