CVE-2017-1000369

Priority
Medium
Description
Exim supports the use of multiple "-p" command line arguments, which are
malloc()'ed and never free()'ed. Used in conjunction with other issues,
this allows attackers to cause arbitrary code execution. This affects exim
version 4.89 and earlier. Please note that upstream has released a patch
(commit 65e061b76867a9ea7aeeb535341b790b90ae6c21), but it is not known at
this time whether a new point release that addresses this issue is
available.
Ubuntu-Description
It was discovered that Exim did not properly deallocate memory when
processing certain command line arguments. A local attacker could use
this in conjunction with another vulnerability to possibly execute
arbitrary code and gain administrative privileges.
Package
Source: exim4
Upstream: needs-triage
Ubuntu 17.10 (Artful Aardvark): released (4.89-3ubuntu1)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 LTS (Trusty Tahr): released (4.82-3ubuntu2.3)
Ubuntu Core 15.04: DNE
Ubuntu 16.04 LTS (Xenial Xerus): released (4.86.2-2ubuntu2.2)
Ubuntu 17.04 (Zesty Zapus): released (4.88-5ubuntu1.1)
Updated: 2017-08-11 23:55:38 UTC (commit 13081)