Lucene search

[email protected]NVD:CVE-2011-0017

HistoryFeb 02, 2011 - 1:00 a.m.

CVE-2011-0017

2011-02-0201:00:06

CWE-20

CWE-59

[email protected]

web.nvd.nist.gov

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

AI Score

4.9

Confidence

High

EPSS

Percentile

10.1%

JSON

The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack.

Affected configurations

Nvd

Node

eximeximRange≤4.72

eximeximMatch2.10

eximeximMatch2.11

eximeximMatch2.12

eximeximMatch3.00

eximeximMatch3.01

eximeximMatch3.02

eximeximMatch3.03

eximeximMatch3.10

eximeximMatch3.11

eximeximMatch3.12

eximeximMatch3.13

eximeximMatch3.14

eximeximMatch3.15

eximeximMatch3.16

eximeximMatch3.20

eximeximMatch3.21

eximeximMatch3.22

eximeximMatch3.30

eximeximMatch3.31

eximeximMatch3.32

eximeximMatch3.33

eximeximMatch3.34

eximeximMatch3.35

eximeximMatch3.36

eximeximMatch4.00

eximeximMatch4.01

eximeximMatch4.02

eximeximMatch4.03

eximeximMatch4.04

eximeximMatch4.05

eximeximMatch4.10

eximeximMatch4.11

eximeximMatch4.12

eximeximMatch4.14

eximeximMatch4.20

eximeximMatch4.21

eximeximMatch4.22

eximeximMatch4.23

eximeximMatch4.24

eximeximMatch4.30

eximeximMatch4.31

eximeximMatch4.32

eximeximMatch4.33

eximeximMatch4.34

eximeximMatch4.40

eximeximMatch4.41

eximeximMatch4.42

eximeximMatch4.43

eximeximMatch4.44

eximeximMatch4.50

eximeximMatch4.51

eximeximMatch4.52

eximeximMatch4.53

eximeximMatch4.54

eximeximMatch4.60

eximeximMatch4.61

eximeximMatch4.62

eximeximMatch4.63

eximeximMatch4.64

eximeximMatch4.65

eximeximMatch4.66

eximeximMatch4.67

eximeximMatch4.68

eximeximMatch4.69

eximeximMatch4.70

eximeximMatch4.71

VendorProductVersionCPE
eximexim*cpe:2.3:a:exim:exim:*:*:*:*:*:*:*:*
eximexim2.10cpe:2.3:a:exim:exim:2.10:*:*:*:*:*:*:*
eximexim2.11cpe:2.3:a:exim:exim:2.11:*:*:*:*:*:*:*
eximexim2.12cpe:2.3:a:exim:exim:2.12:*:*:*:*:*:*:*
eximexim3.00cpe:2.3:a:exim:exim:3.00:*:*:*:*:*:*:*
eximexim3.01cpe:2.3:a:exim:exim:3.01:*:*:*:*:*:*:*
eximexim3.02cpe:2.3:a:exim:exim:3.02:*:*:*:*:*:*:*
eximexim3.03cpe:2.3:a:exim:exim:3.03:*:*:*:*:*:*:*
eximexim3.10cpe:2.3:a:exim:exim:3.10:*:*:*:*:*:*:*
eximexim3.11cpe:2.3:a:exim:exim:3.11:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
exim	exim	*	cpe:2.3:a:exim:exim::::::::
exim	exim	2.10	cpe:2.3:a:exim:exim:2.10:::::::*
exim	exim	2.11	cpe:2.3:a:exim:exim:2.11:::::::*
exim	exim	2.12	cpe:2.3:a:exim:exim:2.12:::::::*
exim	exim	3.00	cpe:2.3:a:exim:exim:3.00:::::::*
exim	exim	3.01	cpe:2.3:a:exim:exim:3.01:::::::*
exim	exim	3.02	cpe:2.3:a:exim:exim:3.02:::::::*
exim	exim	3.03	cpe:2.3:a:exim:exim:3.03:::::::*
exim	exim	3.10	cpe:2.3:a:exim:exim:3.10:::::::*
exim	exim	3.11	cpe:2.3:a:exim:exim:3.11:::::::*