Computer Security
[EN] securityvulns.ru no-pyccku


Exim hard links vulnerability
Published:08.06.2010
Source:
SecurityVulns ID:10905
Type:local
Threat Level:
5/10
Description:Hard links vulnerability on mail dirs and lock files handling.
Affected:EXIM : Exim 4.71
CVE:CVE-2010-2024 (transports/appendfile.c in Exim before 4.72, when MBX locking is enabled, allows local users to change permissions of arbitrary files or create arbitrary files, and cause a denial of service or possibly gain privileges, via a symlink attack on a lockfile in /tmp/.)
 CVE-2010-2023 (transports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the st_nlink field of mailbox files, which allows local users to cause a denial of service or possibly gain privileges by creating a hard link to another user's file.)
Original documentdocumentDan Rosenberg, Multiple vulnerabilities in Exim (08.06.2010)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod