PRIOn knowledge basePRION:CVE-2011-0017

HistoryFeb 02, 2011 - 1:00 a.m.

Design/Logic Flaw

2011-02-0201:00:00

PRIOn knowledge base

www.prio-n.com

6.6 Medium

AI Score

Confidence

Low

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

8.3%

JSON

The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack.

CPENameOperatorVersion
eximeq2.11
eximeq4.70
eximeq4.69
eximeq4.66
eximeq4.10
eximeq3.16
eximeq3.21
eximeq3.01
eximeq3.31
eximeq4.24

Name	Operator	Version
exim	eq	2.11
exim	eq	4.70
exim	eq	4.69
exim	eq	4.66
exim	eq	4.10
exim	eq	3.16
exim	eq	3.21
exim	eq	3.01
exim	eq	3.31
exim	eq	4.24

Rows per page:

1-10 of 671

References

ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.74

lists.exim.org/lurker/message/20110126.034702.4d69c278.en.html

lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html

osvdb.org/70696

secunia.com/advisories/43101

secunia.com/advisories/43128

secunia.com/advisories/43243

www.debian.org/security/2011/dsa-2154

www.securityfocus.com/bid/46065

www.ubuntu.com/usn/USN-1060-1

www.vupen.com/english/advisories/2011/0224

www.vupen.com/english/advisories/2011/0245

www.vupen.com/english/advisories/2011/0364

www.vupen.com/english/advisories/2011/0464

exchange.xforce.ibmcloud.com/vulnerabilities/65028

6.6 Medium

AI Score

Confidence

Low

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

8.3%

JSON

Related for PRION:CVE-2011-0017