FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2011-0017

This CVE name corresponds to:

Entered Topic
2011-02-10 exim -- local privilege escalation

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2011-0017
Phase Assigned(20101207)

Description

The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack.

References

Source Reference
MLIST [exim-announce] 20110125 Exim 4.74 Release
CONFIRM ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.74
DEBIAN DSA-2154
SUSE SUSE-SR:2011:004
UBUNTU USN-1060-1
BID 46065
OSVDB 70696
SECUNIA 43101
SECUNIA 43128
SECUNIA 43243
VUPEN ADV-2011-0224
VUPEN ADV-2011-0245
VUPEN ADV-2011-0364
VUPEN ADV-2011-0464
XF exim-openlog-privilege-escalation(65028)