QwikSec

Security Database

CVE

CWE

Training

CVE-2010-2024

Published: Jun 7, 2010

Modified: Aug 7, 2024

PUBLISHED

Description

transports/appendfile.c in Exim before 4.72, when MBX locking is enabled, allows local users to change permissions of arbitrary files or create arbitrary files, and cause a denial of service or possibly gain privileges, via a symlink attack on a lockfile in /tmp/.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

20100603 Multiple vulnerabilities in Exim

mailing-list

x_refsource_FULLDISC

https://bugzilla.redhat.com/show_bug.cgi?id=600097

x_refsource_CONFIRM

vdb-entry

x_refsource_VUPEN

vdb-entry

x_refsource_BID

vdb-entry

x_refsource_VUPEN

third-party-advisory

x_refsource_SECUNIA

exim-mbx-symlink(59042)

vdb-entry

x_refsource_XF

http://vcs.exim.org/viewvc/exim/exim-src/src/transports/appendfile.c?r1=1.25&r2=1.26

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

[exim-dev] 20100524 Security issues in exim4 local delivery

mailing-list

x_refsource_MLIST

http://vcs.exim.org/viewvc/exim/exim-doc/doc-txt/ChangeLog?view=markup&pathrev=exim-4_72_RC2

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

20100603 Multiple vulnerabilities in Exim

mailing-list

x_refsource_BUGTRAQ

FEDORA-2010-9524

vendor-advisory

x_refsource_FEDORA

SUSE-SR:2010:014

vendor-advisory

x_refsource_SUSE

vendor-advisory

x_refsource_UBUNTU

http://bugs.exim.org/show_bug.cgi?id=989

x_refsource_CONFIRM

FEDORA-2010-9506

vendor-advisory

x_refsource_FEDORA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.