CVE-2011-0017
Published: 1 February 2011
The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack.
Notes
Author | Note |
---|---|
mdeslaur | may have been introduced by fix for CVE-2010-4345... |
Priority
Status
Package | Release | Status |
---|---|---|
exim4 Launchpad, Ubuntu, Debian |
dapper |
Released
(4.60-3ubuntu3.3)
|
hardy |
Released
(4.69-2ubuntu0.3)
|
|
karmic |
Released
(4.69-11ubuntu4.2)
|
|
lucid |
Released
(4.71-3ubuntu1.1)
|
|
maverick |
Released
(4.72-1ubuntu1.1)
|
|
upstream |
Released
(4.74~rc2-1)
|
|
Patches: upstream: http://git.exim.org/exim.git/commit/1670ef10063d7708eb736a482d1ad25b9c59521d upstream: http://git.exim.org/exim.git/commit/33191679e1a86ba6d9c38a74d0795d00c300f2c5 |