[Importan] Exim bugs, user can gain root access

Discussion in 'Masalah Teknik dan Keamanan' started by junior riau, 11 Apr 2016.

Thread Status:
Not open for further replies.
  1. junior riau

    junior riau Hosting Guru Web Hosting

    Messages:
    3,227
    Likes Received:
    514
    Trophy Points:
    113
    Hi all
    Ini mau kasih info, dari cPanelnya ini bugs bulan maret, tapi tidak apa apa disebarin saja.
    Kebetulan salah satu server saya, manual update, jadi, exim saya bermasalah, dan di benerin oleh cPanel (lagi diluar kota gak bawa laptop). Didapat info, exim versinya sudah old, walaupun sudah cPanel 11.54 tapi build nya belum latest. jadi sudah di update, dan diberi bahan bacaan sama cPanel tech support

    https://documentation.cpanel.net/display/CKB/CVE-2016-1531+Exim

    sedikit quote
    "
    Impact
    According to Exim development: "All installations having Exim set-uid root and using 'perl_startup' are vulnerable to a local privilege escalation. Any user who can start an instance of Exim (this is normally *any* user) can gain root privileges."
    "
    Lumayan bisa bikin joget kalau sudah kena exploit :24:

    Sekian info dari saya semoga bermanfaat
     
  2. GPLHosting

    GPLHosting Expert 2.0

    Messages:
    977
    Likes Received:
    466
    Trophy Points:
    63
    Thx om Hafidz, tp saya pakai Postfix.
     
  3. junior riau

    junior riau Hosting Guru Web Hosting

    Messages:
    3,227
    Likes Received:
    514
    Trophy Points:
    113
    sama sama om ^_^
     
  4. HostingMurahAja

    HostingMurahAja Apprentice 2.0

    Messages:
    553
    Likes Received:
    61
    Trophy Points:
    28
    Thanks infonya tuan :113:
     
  5. HostinganID

    HostinganID Apprentice 1.0

    Messages:
    339
    Likes Received:
    67
    Trophy Points:
    28
    Terimakasih infonya om :-bd
     
  6. paijo2

    paijo2 Apprentice 1.0

    Messages:
    233
    Likes Received:
    30
    Trophy Points:
    28
    ini berarti user harus punya shell access kan ?
     
  7. junior riau

    junior riau Hosting Guru Web Hosting

    Messages:
    3,227
    Likes Received:
    514
    Trophy Points:
    113
    nope, kurang tau juga, tapi saya gak ada test exploit
     
Loading...
Thread Status:
Not open for further replies.

Share This Page

Loading...