National Cyber Awareness System

Vulnerability Summary for CVE-2010-2023

Overview

transports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the st_nlink field of mailbox files, which allows local users to cause a denial of service or possibly gain privileges by creating a hard link to another user's file.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: CONFIRM

Name: http://vcs.exim.org/viewvc/exim/exim-src/src/transports/appendfile.c?r1=1.24&r2=1.25

Type: Patch Information

Hyperlink:http://vcs.exim.org/viewvc/exim/exim-src/src/transports/appendfile.c?r1=1.24&r2=1.25

External Source: CONFIRM

Name: https://bugzilla.redhat.com/show_bug.cgi?id=600093

Hyperlink:https://bugzilla.redhat.com/show_bug.cgi?id=600093

External Source: XF

Name: exim-mail-directory-priv-escalation(59043)

Hyperlink:http://xforce.iss.net/xforce/xfdb/59043

External Source: VUPEN

Name: ADV-2011-0364

Hyperlink:http://www.vupen.com/english/advisories/2011/0364

External Source: VUPEN

Name: ADV-2010-1402

Hyperlink:http://www.vupen.com/english/advisories/2010/1402

External Source: UBUNTU

Name: USN-1060-1

Hyperlink:http://www.ubuntu.com/usn/USN-1060-1

External Source: BID

Name: 40451

Hyperlink:http://www.securityfocus.com/bid/40451

External Source: BUGTRAQ

Name: 20100603 Multiple vulnerabilities in Exim

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/511653/100/0/threaded

External Source: CONFIRM

Name: http://vcs.exim.org/viewvc/exim/exim-doc/doc-txt/ChangeLog?view=markup&pathrev=exim-4_72_RC2

Hyperlink:http://vcs.exim.org/viewvc/exim/exim-doc/doc-txt/ChangeLog?view=markup&pathrev=exim-4_72_RC2

External Source: SECUNIA

Name: 43243

Hyperlink:http://secunia.com/advisories/43243

External Source: SECUNIA

Name: 40123

Hyperlink:http://secunia.com/advisories/40123

External Source: SECUNIA

Name: 40019

Type: Advisory

Hyperlink:http://secunia.com/advisories/40019

External Source: SUSE

Name: SUSE-SR:2010:014

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html

External Source: FEDORA

Name: FEDORA-2010-9524

Hyperlink:http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042613.html

External Source: FEDORA

Name: FEDORA-2010-9506

Hyperlink:http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042587.html

External Source: MLIST

Name: [exim-dev] 20100524 Security issues in exim4 local delivery

Hyperlink:http://lists.exim.org/lurker/message/20100524.175925.9a69f755.en.html

External Source: CONFIRM

Name: http://bugs.exim.org/show_bug.cgi?id=988

Hyperlink:http://bugs.exim.org/show_bug.cgi?id=988

External Source: FULLDISC

Name: 20100603 Multiple vulnerabilities in Exim

Hyperlink:http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0079.html