[bitfolk] Exim remote root exploit

13 Dec 2010

...
    For those running Exim <= 4.69 (the default Debian
MTA), you should be
 aware there is an exploit for remote *root* code execution in the wild. 
 I don't know whether to be worried or not... 
 If you run Debian and have not updated in the last 2-3 days then yes
 you need to worry (and may already have been exploited).

  dpkg-query -l exim
 exim          3.36-18.2           An obsolete MTA (Mail Transport
 Agent), replaced by exim4 
 This is a virtual package designed to transition people to exim4
 from years ago. Try again with exim4. You want 4.69-9+lenny1, if
 we're talking about Debian lenny. 

Is there anyway to confirm whether or not this exploit is still
exposed in the 3.36-18.2 package...someone on another list suggested
it was not...

(...not that it might not have other, different exploits or a stack of
other good reasons why it should be upgraded)

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

[bitfolk] Exim remote root exploit