6.9
CVE-2011-0017
- EPSS 0.38%
- Veröffentlicht 02.02.2011 01:00:06
- Zuletzt bearbeitet 16.06.2026 23:26:37
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.38% | 0.295 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.9 | 3.4 | 10 |
AV:L/AC:M/Au:N/C:C/I:C/A:C
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-59 Improper Link Resolution Before File Access ('Link Following')
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
http://secunia.com/advisories/43243
http://www.ubuntu.com/usn/USN-1060-1
http://www.vupen.com/english/advisories/2011/0364
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html
http://www.vupen.com/english/advisories/2011/0464
http://secunia.com/advisories/43128
http://www.debian.org/security/2011/dsa-2154
http://www.vupen.com/english/advisories/2011/0245
ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.74
http://lists.exim.org/lurker/message/20110126.034702.4d69c278.en.html
http://osvdb.org/70696
http://secunia.com/advisories/43101
http://www.securityfocus.com/bid/46065
http://www.vupen.com/english/advisories/2011/0224
https://exchange.xforce.ibmcloud.com/vulnerabilities/65028