Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2011-0017

Published: 1 February 2011

The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack.

Notes

AuthorNote
mdeslaur
may have been introduced by fix for CVE-2010-4345...

Priority

Medium

Status

Package Release Status
exim4
Launchpad, Ubuntu, Debian
upstream
Released (4.74~rc2-1)
dapper
Released (4.60-3ubuntu3.3)
hardy
Released (4.69-2ubuntu0.3)
karmic
Released (4.69-11ubuntu4.2)
lucid
Released (4.71-3ubuntu1.1)
maverick
Released (4.72-1ubuntu1.1)
Patches:
upstream: http://git.exim.org/exim.git/commit/1670ef10063d7708eb736a482d1ad25b9c59521d
upstream: http://git.exim.org/exim.git/commit/33191679e1a86ba6d9c38a74d0795d00c300f2c5 (regression fix)