CVE-2011-0017

Published: Feb 2, 2011

Modified: Aug 6, 2024

PUBLISHED

Description

The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack.

Vendor: n/a
Product: n/a
Versions: affected, n/a

References

43128 | third-party-advisory | x_refsource_SECUNIA
70696 | vdb-entry | x_refsource_OSVDB
ADV-2011-0364 | vdb-entry | x_refsource_VUPEN
46065 | vdb-entry | x_refsource_BID
43243 | third-party-advisory | x_refsource_SECUNIA
[exim-announce] 20110125 Exim 4.74 Release | mailing-list | x_refsource_MLIST
ADV-2011-0224 | vdb-entry | x_refsource_VUPEN
DSA-2154 | vendor-advisory | x_refsource_DEBIAN
SUSE-SR:2011:004 | vendor-advisory | x_refsource_SUSE
ADV-2011-0464 | vdb-entry | x_refsource_VUPEN
43101 | third-party-advisory | x_refsource_SECUNIA
ADV-2011-0245 | vdb-entry | x_refsource_VUPEN
USN-1060-1 | vendor-advisory | x_refsource_UBUNTU
