[manjaro-security] [ASA-202503-1] exim: privilege escalation
Levente Polyak
anthraxx at archlinux.org
Wed Mar 26 20:40:28 CET 2025
Arch Linux Security Advisory ASA-202503-1
=========================================
Severity: High
Date    : 2025-03-26
CVE-ID  : CVE-2025-30232
Package : exim
Type    : privilege escalation
Remote  : No
Link    : https://security.archlinux.org/AVG-2859
Summary
=======
The package exim before version 4.98.2-1 is vulnerable to privilege
escalation.
Resolution
==========
Upgrade to 4.98.2-1.
# pacman -Syu "exim>=4.98.2-1"
The problem has been fixed upstream in version 4.98.2.
Workaround
==========
None.
Description
===========
A use-after-free has been discovered in exim that can lead to privilege
escalation: the debug_pretrigger_buf pointer is not set to NULL before
the storage management frees the buffer it points to, so the stale
pointer can later be used.
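As an added illustration that is not exim's code, the following C model shows the pattern the description refers to: a long-lived global pointer (named after debug_pretrigger_buf here by assumption) that is left dangling when a pool reset releases its buffer, beside the hardened ordering that nulls the pointer before the release. The pool, its reset and the scenario are constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Constructed model of a pool allocator: a fixed arena plus a high-water
 * mark; releasing storage resets the mark, which invalidates every pointer
 * into the released region. A stand-in for exim's store pools, not store.c. */
#define POOL_SIZE 256
static char pool[POOL_SIZE];
static size_t pool_next = 0;

static void *pool_get(size_t n) {
    if (pool_next + n > POOL_SIZE) return NULL;
    void *p = pool + pool_next;
    pool_next += n;
    return p;
}

/* Release everything allocated after `mark`. */
static void pool_reset(size_t mark) { pool_next = mark; }
/* True if p points into the live (not yet released) part of the pool. */
static bool pool_ptr_live(const char *p) {
    return p != NULL && p >= pool && p < pool + pool_next;
}

/* Long-lived global standing in for debug_pretrigger_buf (assumed shape). */
static char *debug_pretrigger_buf = NULL;

/* Vulnerable pattern: storage is released while the global still holds the
 * old address, so any later use goes through a dangling pointer. */
static void vulnerable_release(size_t mark) { pool_reset(mark); }

/* Hardened pattern: drop the reference first, then release the storage, so
 * every later use sees NULL instead of a stale address. */
static void hardened_release(size_t mark) {
    debug_pretrigger_buf = NULL;
    pool_reset(mark);
}

/* Allocate the buffer, release it one way or the other, and report whether
 * the global is left dangling (non-NULL but pointing at released storage),
 * which is the condition the advisory describes. */
bool scenario_leaves_dangling(bool use_hardened) {
    pool_next = 0;
    size_t mark = pool_next;
    debug_pretrigger_buf = pool_get(64);
    strcpy(debug_pretrigger_buf, "constructed pretrigger debug output");
    if (use_hardened) hardened_release(mark); else vulnerable_release(mark);
    return debug_pretrigger_buf != NULL && !pool_ptr_live(debug_pretrigger_buf);
}
```

The model never dereferences the released buffer; it only reports whether a stale non-NULL pointer survives the release, which is what a sanitizer or a NULL check at the use site would catch.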
Impact
======
A local unprivileged attacker is able to escalate privileges on the
affected host.
References
==========
https://exim.org/static/doc/security/CVE-2025-30232.txt
https://lists.exim.org/lurker/message/20250326.140105.6b97555b.en.html
https://code.exim.org/exim/exim/commit/be040d7df68a8cbb244aaabc37832984dafcbf55
https://security.archlinux.org/CVE-2025-30232