CVE-2011-0017

EPSS 0.12%

Published: 2/2/2011Modified: 4/28/2026

Also known as:DEBIAN-CVE-2011-0017

Description

The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack.

Affected packages (1)

Debian/exim4from 0, < 4.72-4

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2011-0017