CVE-2011-0017

MEDIUM

Description

The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack.

References

ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.74

http://lists.exim.org/lurker/message/20110126.034702.4d69c278.en.html

http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html

http://osvdb.org/70696

http://secunia.com/advisories/43101

http://secunia.com/advisories/43128

http://secunia.com/advisories/43243

http://www.debian.org/security/2011/dsa-2154

http://www.securityfocus.com/bid/46065

http://www.ubuntu.com/usn/USN-1060-1

http://www.vupen.com/english/advisories/2011/0224

http://www.vupen.com/english/advisories/2011/0245

http://www.vupen.com/english/advisories/2011/0364

http://www.vupen.com/english/advisories/2011/0464

https://exchange.xforce.ibmcloud.com/vulnerabilities/65028

Details

Source: MITRE

Published: 2011-02-02

Updated: 2017-08-17

Type: CWE-20

Risk Information

CVSS v2.0

Base Score: 6.9

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.4

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:exim:exim:2.10:*:*:*:*:*:*:*

cpe:2.3:a:exim:exim:2.11:*:*:*:*:*:*:*

cpe:2.3:a:exim:exim:2.12:*:*:*:*:*:*:*

cpe:2.3:a:exim:exim:3.00:*:*:*:*:*:*:*

cpe:2.3:a:exim:exim:3.01:*:*:*:*:*:*:*

cpe:2.3:a:exim:exim:3.02:*:*:*:*:*:*:*

cpe:2.3:a:exim:exim:3.03:*:*:*:*:*:*:*

cpe:2.3:a:exim:exim:3.10:*:*:*:*:*:*:*

cpe:2.3:a:exim:exim:3.11:*:*:*:*:*:*:*

cpe:2.3:a:exim:exim:3.12:*:*:*:*:*:*:*

cpe:2.3:a:exim:exim:3.13:*:*:*:*:*:*:*

cpe:2.3:a:exim:exim:3.14:*:*:*:*:*:*:*

cpe:2.3:a:exim:exim:3.15:*:*:*:*:*:*:*

cpe:2.3:a:exim:exim:3.16:*:*:*:*:*:*:*

cpe:2.3:a:exim:exim:3.20:*:*:*:*:*:*:*

cpe:2.3:a:exim:exim:3.21:*:*:*:*:*:*:*

cpe:2.3:a:exim:exim:3.22:*:*:*:*:*:*:*

cpe:2.3:a:exim:exim:3.30:*:*:*:*:*:*:*

cpe:2.3:a:exim:exim:3.31:*:*:*:*:*:*:*

cpe:2.3:a:exim:exim:3.32:*:*:*:*:*:*:*

cpe:2.3:a:exim:exim:3.33:*:*:*:*:*:*:*

cpe:2.3:a:exim:exim:3.34:*:*:*:*:*:*:*

cpe:2.3:a:exim:exim:3.35:*:*:*:*:*:*:*

cpe:2.3:a:exim:exim:3.36:*:*:*:*:*:*:*

cpe:2.3:a:exim:exim:4.00:*:*:*:*:*:*:*

cpe:2.3:a:exim:exim:4.01:*:*:*:*:*:*:*

cpe:2.3:a:exim:exim:4.02:*:*:*:*:*:*:*

cpe:2.3:a:exim:exim:4.03:*:*:*:*:*:*:*

cpe:2.3:a:exim:exim:4.04:*:*:*:*:*:*:*

cpe:2.3:a:exim:exim:4.05:*:*:*:*:*:*:*

cpe:2.3:a:exim:exim:4.10:*:*:*:*:*:*:*

cpe:2.3:a:exim:exim:4.11:*:*:*:*:*:*:*

cpe:2.3:a:exim:exim:4.12:*:*:*:*:*:*:*

cpe:2.3:a:exim:exim:4.14:*:*:*:*:*:*:*

cpe:2.3:a:exim:exim:4.20:*:*:*:*:*:*:*

cpe:2.3:a:exim:exim:4.21:*:*:*:*:*:*:*

cpe:2.3:a:exim:exim:4.22:*:*:*:*:*:*:*

cpe:2.3:a:exim:exim:4.23:*:*:*:*:*:*:*

cpe:2.3:a:exim:exim:4.24:*:*:*:*:*:*:*

cpe:2.3:a:exim:exim:4.30:*:*:*:*:*:*:*

cpe:2.3:a:exim:exim:4.31:*:*:*:*:*:*:*

cpe:2.3:a:exim:exim:4.32:*:*:*:*:*:*:*

cpe:2.3:a:exim:exim:4.33:*:*:*:*:*:*:*

cpe:2.3:a:exim:exim:4.34:*:*:*:*:*:*:*

cpe:2.3:a:exim:exim:4.40:*:*:*:*:*:*:*

cpe:2.3:a:exim:exim:4.41:*:*:*:*:*:*:*

cpe:2.3:a:exim:exim:4.42:*:*:*:*:*:*:*

cpe:2.3:a:exim:exim:4.43:*:*:*:*:*:*:*

cpe:2.3:a:exim:exim:4.44:*:*:*:*:*:*:*

cpe:2.3:a:exim:exim:4.50:*:*:*:*:*:*:*

cpe:2.3:a:exim:exim:4.51:*:*:*:*:*:*:*

cpe:2.3:a:exim:exim:4.52:*:*:*:*:*:*:*

cpe:2.3:a:exim:exim:4.53:*:*:*:*:*:*:*

cpe:2.3:a:exim:exim:4.54:*:*:*:*:*:*:*

cpe:2.3:a:exim:exim:4.60:*:*:*:*:*:*:*

cpe:2.3:a:exim:exim:4.61:*:*:*:*:*:*:*

cpe:2.3:a:exim:exim:4.62:*:*:*:*:*:*:*

cpe:2.3:a:exim:exim:4.63:*:*:*:*:*:*:*

cpe:2.3:a:exim:exim:4.64:*:*:*:*:*:*:*

cpe:2.3:a:exim:exim:4.65:*:*:*:*:*:*:*

cpe:2.3:a:exim:exim:4.66:*:*:*:*:*:*:*

cpe:2.3:a:exim:exim:4.67:*:*:*:*:*:*:*

cpe:2.3:a:exim:exim:4.68:*:*:*:*:*:*:*

cpe:2.3:a:exim:exim:4.69:*:*:*:*:*:*:*

cpe:2.3:a:exim:exim:4.70:*:*:*:*:*:*:*

cpe:2.3:a:exim:exim:4.71:*:*:*:*:*:*:*

cpe:2.3:a:exim:exim:*:*:*:*:*:*:*:* versions up to 4.72 (inclusive)

Tenable Plugins

View all (8 total)

ID	Name	Product	Family	Severity
75482	openSUSE Security Update : exim (openSUSE-SU-2011:0105-1)	Nessus	SuSE Local Security Checks	medium
72159	GLSA-201401-32 : Exim: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
53716	openSUSE Security Update : exim (openSUSE-SU-2011:0105-1)	Nessus	SuSE Local Security Checks	medium
51963	FreeBSD : exim -- local privilege escalation (44ccfab0-3564-11e0-8e81-0022190034c0)	Nessus	FreeBSD Local Security Checks	medium
51954	Ubuntu 6.06 LTS / 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : exim4 vulnerabilities (USN-1060-1)	Nessus	Ubuntu Local Security Checks	medium
51861	Exim < 4.74 Local Privilege Escalation	Nessus	SMTP problems	medium
5752	Exim < 4.74 Local Privilege Escalation Vulnerability	Nessus Network Monitor	SMTP Servers	high
51819	Debian DSA-2154-1 : exim4 - privilege escalation	Nessus	Debian Local Security Checks	medium