CVE-2011-0017
5.9 Medium
AI Score
Confidence
Low
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
9.4%
The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack.
References
ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.74
lists.exim.org/lurker/message/20110126.034702.4d69c278.en.html
lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html
osvdb.org/70696
secunia.com/advisories/43101
secunia.com/advisories/43128
secunia.com/advisories/43243
www.debian.org/security/2011/dsa-2154
www.securityfocus.com/bid/46065
www.ubuntu.com/usn/USN-1060-1
www.vupen.com/english/advisories/2011/0224
www.vupen.com/english/advisories/2011/0245
www.vupen.com/english/advisories/2011/0364
www.vupen.com/english/advisories/2011/0464
exchange.xforce.ibmcloud.com/vulnerabilities/65028
Related
5.9 Medium
AI Score
Confidence
Low
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
9.4%