Lucene search
Ubuntu.comUB:CVE-2011-0017HistoryFeb 01, 2011 - 12:00 a.m.
CVE-2011-0017
2011-02-0100:00:00
ubuntu.com
ubuntu.com
14
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
9.3%
The open_log function in log.c in Exim 4.72 and earlier does not check the
return value from (1) setuid or (2) setgid system calls, which allows local
users to append log data to arbitrary files via a symlink attack.
Bugs
- <https://bugs.launchpad.net/ubuntu/+source/exim4/+bug/708023>
- <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610611>
- <http://bugs.exim.org/show_bug.cgi?id=1071>
Notes
| Author | Note |
|---|---|
| mdeslaur | may have been introduced by fix for CVE-2010-4345… |
Related
nessus
nessus
Debian DSA-2154-1 : exim4 - privilege escalation
2011-01-31 00:00:00
debian
debian
[SECURITY] [DSA-2154-1] exim4 security update
2011-01-30 10:41:58
[SECURITY] [DSA-2154-2] exim4 regression fix
2011-01-30 22:04:57
[SECURITY] [DSA-2154-1] exim4 security update
2011-01-30 10:41:58
openvas
openvas
Debian: Security Advisory (DSA-2154-1)
2023-03-08 00:00:00
Ubuntu: Security Advisory (USN-1060-1)
2011-02-11 00:00:00
Ubuntu Update for exim4 vulnerabilities USN-1060-1
2011-02-11 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA-2154-1] exim4 security update
2011-02-03 00:00:00
Exim memory corruption and remote code execution
2011-02-03 00:00:00
[SECURITY] [DSA-2131-1] New exim4 packages fix remote code execution
2010-12-12 00:00:00
osv
osv
exim4 - privilege escalation
2011-01-30 00:00:00
exim4 - remote code execution
2010-12-10 00:00:00
ubuntu
ubuntu
Exim vulnerabilities
2011-02-10 00:00:00
cve
cve
CVE-2011-0017
2011-02-02 01:00:00
CVE-2010-4345
2010-12-14 16:00:00
debiancve
debiancve
CVE-2011-0017
2011-02-02 01:00:00
CVE-2010-4345
2010-12-14 16:00:00
veracode
veracode
Privilege Escalation
2020-04-10 00:53:13
attackerkb
attackerkb
CVE-2010-4345
2010-12-14 00:00:00
prion
prion
Design/Logic Flaw
2010-12-14 16:00:00
Design/Logic Flaw
2011-02-02 01:00:00
cisa_kev
cisa_kev
Exim Privilege Escalation Vulnerability
2022-03-25 00:00:00
redhat
redhat
(RHSA-2011:0153) Moderate: exim security update
2011-01-17 00:00:00
ubuntucve
ubuntucve
CVE-2010-4345
2010-12-14 00:00:00
oraclelinux
oraclelinux
exim security update
2011-01-17 00:00:00
cert
cert
Exim alternate configuration privilege escalation vulnerability
2010-12-13 00:00:00
freebsd
freebsd
exim -- local privilege escalation
2011-01-31 00:00:00
exim -- local privilege escalation
2010-12-10 00:00:00
checkpoint_advisories
checkpoint_advisories
Exim Remote Code Execution (CVE-2010-4345)
2022-05-02 00:00:00
seebug
seebug
Exim4 <= 4.69 - string_format Function Heap Buffer Overflow
2014-07-01 00:00:00
metasploit
metasploit
Exim4 string_format Function Heap Buffer Overflow
2010-12-11 10:55:24
centos
centos
exim security update
2011-01-27 09:23:09
suse
suse
remote code execution in exim
2010-12-13 10:39:26
packetstorm
packetstorm
Exim4 <= 4.69 string_format Function Heap Buffer Overflow
2010-12-11 00:00:00
exploitdb
exploitdb
Exim4 < 4.69 - string_format Function Heap Buffer Overflow (Metasploit)
2010-12-16 00:00:00
gentoo
gentoo
Exim: Multiple vulnerabilities
2014-01-27 00:00:00
nmap
nmap
smtp-vuln-cve2010-4344 NSE Script
2011-06-24 15:37:53
thn
thn
Nmap 5.59 BETA1 - 40 new NSE scripts & improved IPv6
2011-07-01 11:41:00
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
9.3%
Related for UB:CVE-2011-0017