Vulnerability & Exploit Database

Back to search

USN-1060-1: Exim vulnerabilities

Severity CVSS Published Added Modified
7 (AV:L/AC:M/Au:N/C:C/I:C/A:C) February 01, 2011 May 06, 2013 July 04, 2017

Available Exploits 

Description

The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack.

Scan For This Vulnerability

Use our top-rated tool to discover, prioritize, and remediate your vulnerabilities

 Free InsightVM Trial

References

Solution

ubuntu-upgrade-exim4-daemon-custom

Related Vulnerabilities