Rapid7 Vulnerability & Exploit Database

USN-1060-1: Exim vulnerabilities

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

USN-1060-1: Exim vulnerabilities

Severity

CVSS

(AV:L/AC:M/Au:N/C:C/I:C/A:C)

Published

02/01/2011

Created

07/25/2018

Added

05/06/2013

Modified

05/03/2022

Description

The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack.

Solution(s)

ubuntu-upgrade-exim4-daemon-custom
ubuntu-upgrade-exim4-daemon-heavy
ubuntu-upgrade-exim4-daemon-light

References

https://attackerkb.com/topics/cve-2010-2023
40451
40454
45341
46065
758489
CVE - 2010-2023
CVE - 2010-2024
CVE - 2010-4345
CVE - 2011-0017
DSA-2131
DSA-2154
70696
RHSA-2011:0153
SUSE-SA:2010:059
USN-1060-1
59042
59043
65028

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;