CVE - CVE-2014-2972

CVE-ID
CVE-2014-2972	Learn more at National Vulnerability Database (NVD) • Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
Description
expand.c in Exim before 4.83 expands mathematical comparisons twice, which allows local users to gain privileges and execute arbitrary commands via a crafted lookup value.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MLIST:[exim] 20140722 [exim] Exim 4.83 Released URL:https://lists.exim.org/lurker/message/20140722.145949.42c043f5.en.html MLIST:[exim] 20140722 [exim] Exim Security Advisory CVE-2014-2972 URL:https://lists.exim.org/lurker/message/20140722.152452.d6c019e8.en.html CONFIRM:http://git.exim.org/exim.git/commitdiff/7685ce68148a083d7759e78d01aa5198fc099c44 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1122552 FEDORA:FEDORA-2014-8803 URL:http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136251.html FEDORA:FEDORA-2014-8865 URL:http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136264.html GENTOO:GLSA-201607-12 URL:https://security.gentoo.org/glsa/201607-12 UBUNTU:USN-2933-1 URL:http://www.ubuntu.com/usn/USN-2933-1
Assigning CNA
N/A
Date Entry Created
20140421	Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20140421)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE list, which standardizes names for security problems.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org