Descriptiontransports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the st_nlink field of mailbox files, which allows local users to cause a denial of service or possibly gain privileges by creating a hard link to another user's file.
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
|National Vulnerability Database|
SUSE Security Advisories:
- SUSE-SR:2010:014, published Mon, 02 Aug 2010 15:00:00 +0000
- openSUSE-SU-2010:0416-1, published Thu, 22 Jul 2010 19:08:10 +0200 (CEST)
List of released packages
|Product(s)||Fixed package version(s)||References|
|openSUSE Tumbleweed|| ||Patchnames: |
openSUSE Tumbleweed GA exim-4.86.2-2.2
SUSE Timeline for this CVECVE page created: Fri Jun 28 07:23:48 2013
CVE page last modified: Fri Oct 7 12:45:55 2022