CVE-2011-0017

critical

Description

The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/65028

http://www.vupen.com/english/advisories/2011/0464

http://www.vupen.com/english/advisories/2011/0364

http://www.vupen.com/english/advisories/2011/0245

http://www.vupen.com/english/advisories/2011/0224

http://www.ubuntu.com/usn/USN-1060-1

http://www.securityfocus.com/bid/46065

http://www.debian.org/security/2011/dsa-2154

http://secunia.com/advisories/43243

http://secunia.com/advisories/43128

http://secunia.com/advisories/43101

http://osvdb.org/70696

http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html

http://lists.exim.org/lurker/message/20110126.034702.4d69c278.en.html

Details

Source: Mitre, NVD

Published: 2011-02-02

Updated: 2025-04-11

Risk Information

CVSS v2

Base Score: 6.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00118

Detections

Analytics