Security Advisory

CVE-2011-0017

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2011-02-02 00:00:00

Last updated 2024-08-06 21:36:02

Assigner redhat

State PUBLISHED

Description

The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack.

← Browse all CVEs View on cve.org ↗