CVE-2014-2972

Priority
Low
Description
expand.c in Exim before 4.83 expands mathematical comparisons twice, which
allows local users to gain privileges and execute arbitrary commands via a
crafted lookup value.
Notes
 mdeslaur> patch may introduce behaviour change
Package
Source: exim4 (LP Ubuntu Debian)
Upstream: released (4.82.1-2)
Ubuntu 14.04 LTS (Trusty Tahr): released (4.82-3ubuntu2.1)
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (4.84~RC1-3ubuntu2)
Patches:
Upstream: http://git.exim.org/exim.git/commit/7685ce68148a083d7759e78d01aa5198fc099c44
Upstream: http://git.exim.org/exim.git/commit/0de7239e563eff6e83c3e72d7deb9fd26a54a3a7

Updated: 2017-12-15 20:33:31 UTC (commit 13913)