Alert for a CVE
Stay informed of any changes for a specific CVE.
Descriptions
transports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the st_nlink field of mailbox files, which allows local users to cause a denial of service or possibly gain privileges by creating a hard link to another user's file.
Informations
Related Weaknesses
| Weakness Name | Source | |
|---|---|---|
| Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently. |
Metrics
| Metric | Score | Severity | CVSS Vector | Source |
|---|---|---|---|---|
| V2 | 4.4 | AV:L/AC:M/Au:N/C:P/I:P/A:P | [email protected] |
EPSS
EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.
EPSS Score
The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.
EPSS Percentile
The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
Products Mentioned
Configuraton 0
Exim>>Exim >> Version To (including) 4.71
- Exim>>Exim >> Version - (Open CPE detail)
- Exim>>Exim >> Version 2.10 (Open CPE detail)
- Exim>>Exim >> Version 2.11 (Open CPE detail)
- Exim>>Exim >> Version 2.12 (Open CPE detail)
- Exim>>Exim >> Version 3.00 (Open CPE detail)
- Exim>>Exim >> Version 3.01 (Open CPE detail)
- Exim>>Exim >> Version 3.02 (Open CPE detail)
- Exim>>Exim >> Version 3.03 (Open CPE detail)
- Exim>>Exim >> Version 3.10 (Open CPE detail)
- Exim>>Exim >> Version 3.11 (Open CPE detail)
- Exim>>Exim >> Version 3.12 (Open CPE detail)
- Exim>>Exim >> Version 3.13 (Open CPE detail)
- Exim>>Exim >> Version 3.14 (Open CPE detail)
- Exim>>Exim >> Version 3.15 (Open CPE detail)
- Exim>>Exim >> Version 3.16 (Open CPE detail)
- Exim>>Exim >> Version 3.20 (Open CPE detail)
- Exim>>Exim >> Version 3.21 (Open CPE detail)
- Exim>>Exim >> Version 3.22 (Open CPE detail)
- Exim>>Exim >> Version 3.30 (Open CPE detail)
- Exim>>Exim >> Version 3.31 (Open CPE detail)
- Exim>>Exim >> Version 3.32 (Open CPE detail)
- Exim>>Exim >> Version 3.33 (Open CPE detail)
- Exim>>Exim >> Version 3.34 (Open CPE detail)
- Exim>>Exim >> Version 3.35 (Open CPE detail)
- Exim>>Exim >> Version 3.36 (Open CPE detail)
- Exim>>Exim >> Version 4.00 (Open CPE detail)
- Exim>>Exim >> Version 4.01 (Open CPE detail)
- Exim>>Exim >> Version 4.02 (Open CPE detail)
- Exim>>Exim >> Version 4.03 (Open CPE detail)
- Exim>>Exim >> Version 4.04 (Open CPE detail)
- Exim>>Exim >> Version 4.05 (Open CPE detail)
- Exim>>Exim >> Version 4.10 (Open CPE detail)
- Exim>>Exim >> Version 4.11 (Open CPE detail)
- Exim>>Exim >> Version 4.12 (Open CPE detail)
- Exim>>Exim >> Version 4.14 (Open CPE detail)
- Exim>>Exim >> Version 4.20 (Open CPE detail)
- Exim>>Exim >> Version 4.21 (Open CPE detail)
- Exim>>Exim >> Version 4.22 (Open CPE detail)
- Exim>>Exim >> Version 4.23 (Open CPE detail)
- Exim>>Exim >> Version 4.24 (Open CPE detail)
- Exim>>Exim >> Version 4.30 (Open CPE detail)
- Exim>>Exim >> Version 4.31 (Open CPE detail)
- Exim>>Exim >> Version 4.32 (Open CPE detail)
- Exim>>Exim >> Version 4.33 (Open CPE detail)
- Exim>>Exim >> Version 4.34 (Open CPE detail)
- Exim>>Exim >> Version 4.40 (Open CPE detail)
- Exim>>Exim >> Version 4.41 (Open CPE detail)
- Exim>>Exim >> Version 4.42 (Open CPE detail)
- Exim>>Exim >> Version 4.43 (Open CPE detail)
- Exim>>Exim >> Version 4.44 (Open CPE detail)
- Exim>>Exim >> Version 4.50 (Open CPE detail)
- Exim>>Exim >> Version 4.51 (Open CPE detail)
- Exim>>Exim >> Version 4.52 (Open CPE detail)
- Exim>>Exim >> Version 4.53 (Open CPE detail)
- Exim>>Exim >> Version 4.54 (Open CPE detail)
- Exim>>Exim >> Version 4.60 (Open CPE detail)
- Exim>>Exim >> Version 4.61 (Open CPE detail)
- Exim>>Exim >> Version 4.62 (Open CPE detail)
- Exim>>Exim >> Version 4.63 (Open CPE detail)
- Exim>>Exim >> Version 4.64 (Open CPE detail)
- Exim>>Exim >> Version 4.65 (Open CPE detail)
- Exim>>Exim >> Version 4.66 (Open CPE detail)
- Exim>>Exim >> Version 4.67 (Open CPE detail)
- Exim>>Exim >> Version 4.68 (Open CPE detail)
- Exim>>Exim >> Version 4.69 (Open CPE detail)
- Exim>>Exim >> Version 4.70 (Open CPE detail)
- Exim>>Exim >> Version 4.71 (Open CPE detail)
Exim>>Exim >> Version 4.10
- Exim>>Exim >> Version 4.10 (Open CPE detail)
Exim>>Exim >> Version 4.20
- Exim>>Exim >> Version 4.20 (Open CPE detail)
Exim>>Exim >> Version 4.21
- Exim>>Exim >> Version 4.21 (Open CPE detail)
Exim>>Exim >> Version 4.22
- Exim>>Exim >> Version 4.22 (Open CPE detail)
Exim>>Exim >> Version 4.23
- Exim>>Exim >> Version 4.23 (Open CPE detail)
Exim>>Exim >> Version 4.24
- Exim>>Exim >> Version 4.24 (Open CPE detail)
Exim>>Exim >> Version 4.30
- Exim>>Exim >> Version 4.30 (Open CPE detail)
Exim>>Exim >> Version 4.31
- Exim>>Exim >> Version 4.31 (Open CPE detail)
Exim>>Exim >> Version 4.32
- Exim>>Exim >> Version 4.32 (Open CPE detail)
Exim>>Exim >> Version 4.33
- Exim>>Exim >> Version 4.33 (Open CPE detail)
Exim>>Exim >> Version 4.34
- Exim>>Exim >> Version 4.34 (Open CPE detail)
Exim>>Exim >> Version 4.40
- Exim>>Exim >> Version 4.40 (Open CPE detail)
Exim>>Exim >> Version 4.41
- Exim>>Exim >> Version 4.41 (Open CPE detail)
Exim>>Exim >> Version 4.42
- Exim>>Exim >> Version 4.42 (Open CPE detail)
Exim>>Exim >> Version 4.43
- Exim>>Exim >> Version 4.43 (Open CPE detail)
Exim>>Exim >> Version 4.44
- Exim>>Exim >> Version 4.44 (Open CPE detail)
Exim>>Exim >> Version 4.50
- Exim>>Exim >> Version 4.50 (Open CPE detail)
Exim>>Exim >> Version 4.51
- Exim>>Exim >> Version 4.51 (Open CPE detail)
Exim>>Exim >> Version 4.52
- Exim>>Exim >> Version 4.52 (Open CPE detail)
Exim>>Exim >> Version 4.53
- Exim>>Exim >> Version 4.53 (Open CPE detail)
Exim>>Exim >> Version 4.54
- Exim>>Exim >> Version 4.54 (Open CPE detail)
Exim>>Exim >> Version 4.60
- Exim>>Exim >> Version 4.60 (Open CPE detail)
Exim>>Exim >> Version 4.61
- Exim>>Exim >> Version 4.61 (Open CPE detail)
Exim>>Exim >> Version 4.62
- Exim>>Exim >> Version 4.62 (Open CPE detail)
Exim>>Exim >> Version 4.63
- Exim>>Exim >> Version 4.63 (Open CPE detail)
Exim>>Exim >> Version 4.64
- Exim>>Exim >> Version 4.64 (Open CPE detail)
Exim>>Exim >> Version 4.65
- Exim>>Exim >> Version 4.65 (Open CPE detail)
Exim>>Exim >> Version 4.66
- Exim>>Exim >> Version 4.66 (Open CPE detail)
Exim>>Exim >> Version 4.67
- Exim>>Exim >> Version 4.67 (Open CPE detail)
Exim>>Exim >> Version 4.68
- Exim>>Exim >> Version 4.68 (Open CPE detail)
Exim>>Exim >> Version 4.69
- Exim>>Exim >> Version 4.69 (Open CPE detail)
Exim>>Exim >> Version 4.70
- Exim>>Exim >> Version 4.70 (Open CPE detail)
References
http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0079.html
Tags : mailing-list, x_refsource_FULLDISC
Tags : mailing-list, x_refsource_FULLDISC
http://vcs.exim.org/viewvc/exim/exim-src/src/transports/appendfile.c?r1=1.24&r2=1.25
Tags : x_refsource_CONFIRM
Tags : x_refsource_CONFIRM
http://lists.exim.org/lurker/message/20100524.175925.9a69f755.en.html
Tags : mailing-list, x_refsource_MLIST
Tags : mailing-list, x_refsource_MLIST
http://vcs.exim.org/viewvc/exim/exim-doc/doc-txt/ChangeLog?view=markup&pathrev=exim-4_72_RC2
Tags : x_refsource_CONFIRM
Tags : x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/511653/100/0/threaded
Tags : mailing-list, x_refsource_BUGTRAQ
Tags : mailing-list, x_refsource_BUGTRAQ
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042613.html
Tags : vendor-advisory, x_refsource_FEDORA
Tags : vendor-advisory, x_refsource_FEDORA
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
Tags : vendor-advisory, x_refsource_SUSE
Tags : vendor-advisory, x_refsource_SUSE
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042587.html
Tags : vendor-advisory, x_refsource_FEDORA
Tags : vendor-advisory, x_refsource_FEDORA
2024©
tesweb SA
