CVE-2011-0017

Exim <4.72 - Local Privilege Escalation

Title source: llm
STIX 2.1

Description

The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack.

References (15)

Core 15
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43128
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/46065
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/65028
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0224
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0245
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1060-1
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/70696
Various Sources x_refsource_confirm
ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.74
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0364
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43243
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2011/dsa-2154
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0464
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43101

Scores

EPSS 0.0038
EPSS Percentile 29.5%

Details

CWE
CWE-20 CWE-59
Status published
Products (50)
exim/exim 2.10
exim/exim 2.11
exim/exim 2.12
exim/exim 3.00
exim/exim 3.01
exim/exim 3.02
exim/exim 3.03
exim/exim 3.10
exim/exim 3.11
exim/exim 3.12
... and 40 more
Published Feb 02, 2011
Tracked Since Feb 18, 2026