FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

exim -- local privilege escalation

Affected packages
exim < 4.74
exim-ldap < 4.74
exim-ldap2 < 4.74
exim-mysql < 4.74
exim-postgresql < 4.74
exim-sa-exim < 4.74

Details

VuXML ID: 44ccfab0-3564-11e0-8e81-0022190034c0
Discovery: 2011-01-31
Entry: 2011-02-10

exim.org reports:

CVE-2011-0017 - check return value of setuid/setgid. This is a privilege escalation vulnerability whereby the Exim run-time user can cause root to append content of the attacker's choosing to arbitrary files.
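The fix named in the report, checking the return value of setuid/setgid, shown as an added example that is not Exim's code and not part of the original advisory. `drop_privileges()` is a hypothetical helper; the unchecked pattern appears only in the comment for contrast.

```c
#define _DEFAULT_SOURCE          /* exposes setgroups() on glibc */
#include <grp.h>
#include <stdio.h>
#include <unistd.h>

/*
 * Unchecked pattern of the kind the advisory names:
 *     setgid(gid); setuid(uid);   // return values ignored
 * If either call fails, execution continues with root's identity.
 *
 * drop_privileges() is a hypothetical helper, not Exim's code.
 * Returns 0 only when the process provably runs as uid/gid.
 */
int drop_privileges(uid_t uid, gid_t gid)
{
    /* Only a root process can (and must) reset supplementary groups. */
    if (geteuid() == 0 && uid != 0 && setgroups(1, &gid) != 0) {
        perror("setgroups");
        return -1;
    }
    /* Group first: after setuid() we may no longer be allowed to. */
    if (setgid(gid) != 0) {
        perror("setgid");
        return -1;
    }
    if (setuid(uid) != 0) {
        perror("setuid");
        return -1;
    }
    /* Verify the result instead of trusting the return codes alone. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    /* A real drop is irreversible: regaining root must fail. */
    if (uid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

int main(void)
{
    /* Demo: "drop" to the identity we already hold; a daemon would pass its run-time user. */
    if (drop_privileges(getuid(), getgid()) != 0) {
        fputs("privilege drop failed, refusing to continue\n", stderr);
        return 1;
    }
    puts("running with verified uid/gid");
    return 0;
}
```

The caller must treat any non-zero return as fatal and stop before touching files or spawning children.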

References

CVE Name: CVE-2011-0017
URL: ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.74