CVE-2011-0017 in Serverinfo

Summary

The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Reservation

12/07/2010

Disclosure

02/01/2011

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
4280	Exim Server open_log link following	59	Not defined	Official fix	CVE-2011-0017

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

MITRE
NVD
CVE Details

◂ PreviousOverviewNext ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!