what you don't know can hurt you
Showing 1 - 4 of 4 RSS Feed

CVE-2010-2024

Status Candidate

Overview

transports/appendfile.c in Exim before 4.72, when MBX locking is enabled, allows local users to change permissions of arbitrary files or create arbitrary files, and cause a denial of service or possibly gain privileges, via a symlink attack on a lockfile in /tmp/.

Related Files

Gentoo Linux Security Advisory 201401-32
Posted Jan 27, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201401-32 - Multiple vulnerabilities were found in Exim, the worst of which leading to remote execution of arbitrary code with root privileges. Versions less than 4.80.1 are affected.

tags | advisory, remote, arbitrary, root, vulnerability
systems | linux, gentoo
advisories | CVE-2010-2023, CVE-2010-2024, CVE-2010-4344, CVE-2010-4345, CVE-2011-0017, CVE-2011-1407, CVE-2011-1764, CVE-2012-5671
MD5 | 86774c961d131435e18c1dbf719ed5d0
Ubuntu Security Notice USN-1060-1
Posted Feb 10, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1060-1 - It was discovered that Exim contained a design flaw in the way it processed alternate configuration files. An attacker that obtained privileges of the "Debian-exim" user could use an alternate configuration file to obtain root privileges. It was discovered that Exim incorrectly handled certain return values when handling logging. A local attacker could use this flaw to obtain root privileges. Dan Rosenberg discovered that Exim incorrectly handled writable sticky-bit mail directories. If Exim were configured in this manner, a local user could use this flaw to cause a denial of service or possibly gain privileges. This issue only applied to Ubuntu 6.06 LTS, 8.04 LTS, 9.10, and 10.04 LTS. Dan Rosenberg discovered that Exim incorrectly handled MBX locking. If Exim were configured in this manner, a local user could use this flaw to cause a denial of service or possibly gain privileges. This issue only applied to Ubuntu 6.06 LTS, 8.04 LTS, 9.10, and 10.04 LTS.

tags | advisory, denial of service, local, root
systems | linux, debian, ubuntu
advisories | CVE-2010-2023, CVE-2010-2024, CVE-2010-4345, CVE-2011-0017
MD5 | 45c3edcc9b8301f1a4544a7dcbb9cf4e
Exim Exploit In The Wild Advisory
Posted Dec 13, 2010
Authored by Nigel Metheringham

It has come to the attention of The Exim Maintainers that there is an exploit circulating in the wild which affects versions of Exim versions 4.69 and below. The flaw permits remote code execution over SMTP and, when combined with some clever abuse of Exim's configuration, escalation to root privileges from the Exim run-time user.

tags | advisory, remote, overflow, root, code execution
advisories | CVE-2010-4344, CVE-2010-4345, CVE-2010-2023, CVE-2010-2024
MD5 | 9a35f0a4b058b1257105aad2597dd91a
Exim 4 Symlink / Race Condition Vulnerabilities
Posted Jun 4, 2010
Authored by Dan Rosenberg

Exim 4 suffers from local symlink and race condition vulnerabilites.

tags | advisory, local
advisories | CVE-2010-2023, CVE-2010-2024
MD5 | 9074656fbb59e54a22cbb2af6948a1f9
Page 1 of 1
Back1Next

File Archive:

September 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    14 Files
  • 2
    Sep 2nd
    19 Files
  • 3
    Sep 3rd
    9 Files
  • 4
    Sep 4th
    1 Files
  • 5
    Sep 5th
    2 Files
  • 6
    Sep 6th
    3 Files
  • 7
    Sep 7th
    12 Files
  • 8
    Sep 8th
    22 Files
  • 9
    Sep 9th
    17 Files
  • 10
    Sep 10th
    19 Files
  • 11
    Sep 11th
    3 Files
  • 12
    Sep 12th
    2 Files
  • 13
    Sep 13th
    15 Files
  • 14
    Sep 14th
    16 Files
  • 15
    Sep 15th
    15 Files
  • 16
    Sep 16th
    7 Files
  • 17
    Sep 17th
    13 Files
  • 18
    Sep 18th
    2 Files
  • 19
    Sep 19th
    2 Files
  • 20
    Sep 20th
    14 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close