Svi
Pretraži prema proizvođaču
Pretraži prema CWE oznaci
O usluzi
Pretplate
Jezik
hr
en
CVE-2011-0017 - CERT CVE
CVE-2011-0017
ID
CVE-2011-0017
Sažetak
The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack.
Reference
ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.74
http://lists.exim.org/lurker/message/20110126.034702.4d69c278.en.html
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html
http://osvdb.org/70696
http://secunia.com/advisories/43101
http://secunia.com/advisories/43128
http://secunia.com/advisories/43243
http://www.debian.org/security/2011/dsa-2154
http://www.securityfocus.com/bid/46065
http://www.ubuntu.com/usn/USN-1060-1
http://www.vupen.com/english/advisories/2011/0224
http://www.vupen.com/english/advisories/2011/0245
http://www.vupen.com/english/advisories/2011/0364
http://www.vupen.com/english/advisories/2011/0464
https://exchange.xforce.ibmcloud.com/vulnerabilities/65028
CVSS
Base:
6.9
Impact:
10.0
Exploitability:
3.4
Pristup
Vektor
Složenost
Autentikacija
LOCAL
MEDIUM
NONE
Impact
Povjerljivost
Cjelovitost
Dostupnost
COMPLETE
COMPLETE
COMPLETE
CVSS vektor
AV:L/AC:M/Au:N/C:C/I:C/A:C
Zadnje važnije ažuriranje
17-08-2017 - 01:33
Objavljeno
02-02-2011 - 01:00
