Upstream information
Description
The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack.
SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
Metric | National Vulnerability Database |
---|---|
Base Score | 6.9 |
Vector | AV:L/AC:M/Au:N/C:C/I:C/A:C |
Access Vector | Local |
Access Complexity | Medium |
Authentication | None |
Confidentiality Impact | Complete |
Integrity Impact | Complete |
Availability Impact | Complete |
SUSE Security Advisories:
- SUSE-SR:2011:004, published Tue, 22 Feb 2011 13:00:00 +0000
- openSUSE-SU-2011:0105-1, published Tue, 8 Feb 2011 13:08:18 +0100 (CET)
List of released packages
Product(s) | Fixed package version(s) | References |
---|---|---|
openSUSE Tumbleweed | | Patchnames: openSUSE Tumbleweed GA exim-4.86.2-2.2 |
SUSE Timeline for this CVE
CVE page created: Fri Jun 28 04:15:40 2013
CVE page last modified: Fri Oct 7 12:46:01 2022
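The missing check named in the Description, as an added example (not Exim's code or its patch): a privilege drop that treats a failed setgid or setuid as fatal before any log file is opened. The function names `drop_privileges` and `open_log_as`, and the sample path, are hypothetical.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Unchecked form of the bug class: setgid(gid); setuid(uid); open(...);
 * if either call fails, the open still runs with the old, higher IDs. */

/* Hypothetical helper: drop to uid/gid, return 0 only if it took effect.
 * Group first, because setgid() is no longer permitted once the uid is gone. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;
    /* Verify the result instead of trusting the return codes alone. */
    if (getgid() != gid || getegid() != gid) return -1;
    if (getuid() != uid || geteuid() != uid) return -1;
    return 0;
}

/* Hypothetical helper: open a log for append only after the drop succeeded.
 * Returns a file descriptor, or -1 without touching the file system. */
int open_log_as(const char *path, uid_t uid, gid_t gid)
{
    if (drop_privileges(uid, gid) != 0) return -1;
    return open(path, O_WRONLY | O_APPEND | O_CREAT, 0640);
}

int main(int argc, char **argv)
{
    /* Constructed demo: "drop" to the IDs the process already has,
     * so it runs unprivileged; the path is a sample value. */
    const char *path = argc > 1 ? argv[1] : "demo_main.log";
    int fd = open_log_as(path, getuid(), getgid());
    if (fd < 0) { perror("open_log_as"); return 1; }
    close(fd);
    return 0;
}
```

A complete drop from root would also clear supplementary groups with setgroups(); that step is outside what the description covers.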