CVSS Base Vector:
Linux Distribution Package
exim4 on Debian Linux
For the oldstable distribution
(wheezy), this problem has been fixed in version 4.80-7+deb7u2.
For the stable distribution (jessie), this problem has been fixed in
For the testing distribution (stretch), this problem has been fixed
in version 4.86.2-1.
For the unstable distribution (sid), this problem has been fixed in
We recommend that you upgrade your exim4 Linux Distribution Packages.
A local root privilege escalation
vulnerability was found in Exim, Debian's default mail transfer agent, in
configurations using the perl_startup option (Only Exim via
exim4-daemon-heavy enables Perl support).
To address the vulnerability, updated Exim versions clean the complete
execution environment by default, affecting Exim and subprocesses such
as transports calling other programs, and thus may break existing
installations. New configuration options (keep_environment,
add_environment) were introduced to adjust this behavior.
NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)
This check tests the installed software
version using the apt Linux Distribution Package manager.