Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2011-0017HistoryFeb 02, 2011 - 1:00 a.m.
CVE-2011-0017
2011-02-0201:00:00
Debian Security Bug Tracker
security-tracker.debian.org
11
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
9.4%
The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | exim4 | < 4.72-4 | exim4_4.72-4_all.deb |
| Debian | 11 | all | exim4 | < 4.72-4 | exim4_4.72-4_all.deb |
| Debian | 10 | all | exim4 | < 4.72-4 | exim4_4.72-4_all.deb |
| Debian | 999 | all | exim4 | < 4.72-4 | exim4_4.72-4_all.deb |
| Debian | 13 | all | exim4 | < 4.72-4 | exim4_4.72-4_all.deb |
Related
nessus
nessus
FreeBSD : exim -- local privilege escalation (44ccfab0-3564-11e0-8e81-0022190034c0)
2011-02-14 00:00:00
Exim < 4.74 Local Privilege Escalation
2011-02-03 00:00:00
openSUSE Security Update : exim (openSUSE-SU-2011:0105-1)
2014-06-13 00:00:00
openvas
openvas
exim -- local privilege escalation
2011-03-05 00:00:00
exim -- local privilege escalation
2011-03-05 00:00:00
Debian: Security Advisory (DSA-2154-1)
2023-03-08 00:00:00
cve
cve
CVE-2011-0017
2011-02-02 01:00:00
prion
prion
Design/Logic Flaw
2011-02-02 01:00:00
freebsd
freebsd
exim -- local privilege escalation
2011-01-31 00:00:00
debian
debian
[SECURITY] [DSA-2154-1] exim4 security update
2011-01-30 10:41:58
[SECURITY] [DSA-2154-2] exim4 regression fix
2011-01-30 22:04:57
[SECURITY] [DSA-2154-1] exim4 security update
2011-01-30 10:41:58
ubuntucve
ubuntucve
CVE-2011-0017
2011-02-01 00:00:00
osv
osv
exim4 - privilege escalation
2011-01-30 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA-2154-1] exim4 security update
2011-02-03 00:00:00
Exim memory corruption and remote code execution
2011-02-03 00:00:00
ubuntu
ubuntu
Exim vulnerabilities
2011-02-10 00:00:00
gentoo
gentoo
Exim: Multiple vulnerabilities
2014-01-27 00:00:00
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
9.4%
Related for DEBIANCVE:CVE-2011-0017