CVE-2011-0017 — Improper Input Validation in Exim

CWE-20 — Improper Input Validation CWE-59 — Link Following CWE-122 — Heap-based Buffer Overflow CWE-125 — Out-of-bounds Read12 documents8 sources

Severity

6.9MEDIUMNVD

EPSS

0.1%

top 69.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Exim4 Exim

Timeline

PublishedFeb 2

Latest updateMay 17

Description

The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages2 packages

▶debiandebian/exim4< exim4 4.72-4 (bookworm)

▶NVDexim/exim4.72+66

Patches

Patch: lists.exim.org ↗Patch: lists.exim.org ↗

🔴Vulnerability Details

GHSA

GHSA-6w36-rjfw-vf62: The open_log function in log↗2022-05-17

▶

OSV

CVE-2011-0017: The open_log function in log↗2011-02-02

▶

CVEList

CVE-2011-0017: The open_log function in log↗2011-02-02

▶

📋Vendor Advisories

Red Hat

libxml2: Heap-based buffer overflow when decoding an entity reference with a long name↗2012-01-06

▶

Red Hat

libxml2 out of bounds read↗2011-12-13

▶

Ubuntu

Exim vulnerabilities↗2011-02-10

▶

Red Hat

Exim: privilege escalation↗2011-01-25

▶

Debian

CVE-2011-0017: exim4 - The open_log function in log.c in Exim 4.72 and earlier does not check the retur...↗2011

▶

💬Community

Bugzilla

CVE-2011-0017 Exim: privilege escalation↗2011-01-19

▶

Bugzilla

CVE-2010-4258 kernel: failure to revert address limit override in OOPS error path [rhel-5.6]↗2010-12-03

▶

Bugzilla

CVE-2010-3296 kernel: drivers/net/cxgb3/cxgb3_main.c reading uninitialized stack memory↗2010-09-13

▶