Secunia
Login
|
|
CVE Reference: CVE-2011-0017 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2011-0017 |
|
|
Description: The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/65028 UBUNTU http://www.ubuntu.com/usn/USN-1060-1 SUSE http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html SAID Secunia Advisory: SA43128 Secunia Advisory: SA43243 Secunia Advisory: SA43101 OSVDB 70696 MLIST http://lists.exim.org/lurker/message/20110126.034702.4d69c278.en.html DEBIAN http://www.debian.org/security/2011/dsa-2154 CONFIRM BID 46065 |
|
| Return to the previous page. |
