CVE-2010-2023
published 2010-06-07

Priority: P4 · 14 · medium · 4.4 (CVSS 2.0)
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P
EPSS: 0.28% (19.7th percentile)

transports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the st_nlink field of mailbox files, which allows local users to cause a denial of service or possibly gain privileges by creating a hard link to another user's file.

Affected

34 ranges · showing 25

Vendor | Product | Version range | Fixed in
debian | exim4 | < exim4 4.72-1 (bookworm) | exim4 4.72-1 (bookworm)
exim | exim | <= 4.71 |

CVSS provenance

nvd | v2.0 | 4.4 | MEDIUM | AV:L/AC:M/Au:N/C:P/I:P/A:P
osv | 4.4 | MEDIUM
cisa | 7.8 | HIGH
vendor_redhat | 7.8 | HIGH
vendor_debian | 4.4 | LOW
vendor_ubuntu | 4.4 | MEDIUM