exim -- local privilege escalation

2011-01-3100:00:00

vuxml.freebsd.org

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

9.4%

JSON

exim.org reports:

CVE-2011-0017 - check return value of setuid/setgid. This is a
privilege escalation vulnerability whereby the Exim run-time user
can cause root to append content of the attacker’s choosing to
arbitrary files.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchexim< 4.74UNKNOWN
FreeBSDanynoarchexim-ldap< 4.74UNKNOWN
FreeBSDanynoarchexim-ldap2< 4.74UNKNOWN
FreeBSDanynoarchexim-mysql< 4.74UNKNOWN
FreeBSDanynoarchexim-postgresql< 4.74UNKNOWN
FreeBSDanynoarchexim-sa-exim< 4.74UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	exim	< 4.74	UNKNOWN
FreeBSD	any	noarch	exim-ldap	< 4.74	UNKNOWN
FreeBSD	any	noarch	exim-ldap2	< 4.74	UNKNOWN
FreeBSD	any	noarch	exim-mysql	< 4.74	UNKNOWN
FreeBSD	any	noarch	exim-postgresql	< 4.74	UNKNOWN
FreeBSD	any	noarch	exim-sa-exim	< 4.74	UNKNOWN