The Exim project has announced a potentially (locally-?)exploitable UAF in
versions 4.96 through 4.98.1.

Bulletin posted to <https://exim.org/static/doc/security/CVE-2025-30232.txt>:

> # CVE 2025-30232
>
> ## Timeline
>
> - 2025/03/13 Report received
> - 2025/03/18 ACK sent to reporter
> - 2025/03/19 CVE assigned
> - 2025/03/19 Distros heads-up mail, to <dist...@vs.openwall.org> and <exim-maintain...@lists.exim.org>
> - 2025/03/21 14:00 UTC Security Release available for (only) Distros
> - 2025/03/25 14:00 UTC Public heads-up notification, to <exim-annou...@lists.exim.org>
> - 2025/03/26 14:00 UTC Published the changes on https://code.exim.org/exim/exim.git
>
> ## Details
>
> A use-after-free is possible, with potential for privilege escalation.
>
> The following conditions have to be met for being vulnerable:
>
> - Exim Version
>     - 4.96
>     - 4.97
>     - 4.98
>     - 4.98.1
> - Command-line access
>
> ## Acknowledgements
>
> Thanks to Trend Micro for reporting this issue in a responsible manner.
>
> - Ref: ZDI-CAN-26250
> - Email: <zdi-disclosu...@trendmicro.com>

At least Debian bookworm ships with 4.96. Security tracker lists bookworm as
vulnerable with version 4.96-15+deb12u6, but apt upgrade just now installed
4.96-15+deb12u7 containing a binary dated 4 days ago from the security
repository.

 -Valtteri
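A small triage helper for the two points above: the upstream versions the bulletin lists as affected, and the Debian case where `exim -bV` still reports 4.96 while the package revision carries the backported fix. This is an added example, not code from the bulletin, the Exim project or Debian; it assumes `4.96-15+deb12u7` is the fixed bookworm revision (the post suggests this but does not confirm it), and the `exim -bV` sample lines are constructed.

```python
"""Version triage for CVE-2025-30232 (added example, not project code)."""
import re

# Upstream Exim versions the bulletin lists as affected (exact match).
AFFECTED_UPSTREAM = {(4, 96), (4, 97), (4, 98), (4, 98, 1)}

# ASSUMPTION: the bookworm revision that installed with a freshly built
# binary from the security repository is treated as the fixed one.
# Confirm against the Debian security tracker before relying on it.
DEBIAN_FIXED = {"bookworm": "4.96-15+deb12u7"}


def parse_exim_bv(output):
    """Return the upstream version tuple from `exim -bV` output."""
    m = re.search(r"Exim version (\d+(?:\.\d+)+)", output)
    if not m:
        raise ValueError("no 'Exim version X.Y' line found")
    return tuple(int(p) for p in m.group(1).split("."))


def parse_debian_version(pkgver):
    """Split e.g. 4.96-15+deb12u7 into (upstream, revision, stable-update)."""
    m = re.fullmatch(r"(\d+(?:\.\d+)+)-(\d+)(?:\+deb(\d+)u(\d+))?", pkgver)
    if not m:
        raise ValueError(f"unrecognised Debian package version: {pkgver}")
    upstream = tuple(int(p) for p in m.group(1).split("."))
    update = int(m.group(4)) if m.group(4) else 0
    return upstream, int(m.group(2)), update


def triage(exim_bv_output, debian_pkgver=None, suite="bookworm"):
    """Classify a host: not-affected, affected, or distro-patched.

    Without a package version only the upstream list can be consulted.
    With one, the (revision, stable-update) pair is compared against the
    assumed fixed revision for the same upstream version.
    """
    if parse_exim_bv(exim_bv_output) not in AFFECTED_UPSTREAM:
        return "not-affected"
    if debian_pkgver is None or suite not in DEBIAN_FIXED:
        return "affected"
    have = parse_debian_version(debian_pkgver)
    fixed = parse_debian_version(DEBIAN_FIXED[suite])
    if have[0] == fixed[0] and have[1:] >= fixed[1:]:
        return "affected-upstream-but-distro-patched"
    return "affected"


if __name__ == "__main__":
    # Constructed sample output, shaped like the first line of `exim -bV`.
    print(triage("Exim version 4.96 #2 built 21-Mar-2025", "4.96-15+deb12u7"))
```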
 
