Lucene search

MitreCVE-2010-2024

HistoryJun 07, 2010 - 5:12 p.m.

CVE-2010-2024

2010-06-0717:12:48

CWE-362

mitre

web.nvd.nist.gov

exim

cve-2010-2024

mbx locking

symlink attack

denial of service

privilege escalation

CVSS2

4.4

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.7

Confidence

High

EPSS

Percentile

10.1%

JSON

transports/appendfile.c in Exim before 4.72, when MBX locking is enabled, allows local users to change permissions of arbitrary files or create arbitrary files, and cause a denial of service or possibly gain privileges, via a symlink attack on a lockfile in /tmp/.

Affected configurations

Nvd

Node

eximeximRange≤4.71

eximeximMatch4.10

eximeximMatch4.20

eximeximMatch4.21

eximeximMatch4.22

eximeximMatch4.23

eximeximMatch4.24

eximeximMatch4.30

eximeximMatch4.31

eximeximMatch4.32

eximeximMatch4.33

eximeximMatch4.34

eximeximMatch4.40

eximeximMatch4.41

eximeximMatch4.42

eximeximMatch4.43

eximeximMatch4.44

eximeximMatch4.50

eximeximMatch4.51

eximeximMatch4.52

eximeximMatch4.53

eximeximMatch4.54

eximeximMatch4.60

eximeximMatch4.61

eximeximMatch4.62

eximeximMatch4.63

eximeximMatch4.64

eximeximMatch4.65

eximeximMatch4.66

eximeximMatch4.67

eximeximMatch4.68

eximeximMatch4.69

eximeximMatch4.70

VendorProductVersionCPE
eximexim*cpe:2.3:a:exim:exim:*:*:*:*:*:*:*:*
eximexim4.10cpe:2.3:a:exim:exim:4.10:*:*:*:*:*:*:*
eximexim4.20cpe:2.3:a:exim:exim:4.20:*:*:*:*:*:*:*
eximexim4.21cpe:2.3:a:exim:exim:4.21:*:*:*:*:*:*:*
eximexim4.22cpe:2.3:a:exim:exim:4.22:*:*:*:*:*:*:*
eximexim4.23cpe:2.3:a:exim:exim:4.23:*:*:*:*:*:*:*
eximexim4.24cpe:2.3:a:exim:exim:4.24:*:*:*:*:*:*:*
eximexim4.30cpe:2.3:a:exim:exim:4.30:*:*:*:*:*:*:*
eximexim4.31cpe:2.3:a:exim:exim:4.31:*:*:*:*:*:*:*
eximexim4.32cpe:2.3:a:exim:exim:4.32:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
exim	exim	*	cpe:2.3:a:exim:exim::::::::
exim	exim	4.10	cpe:2.3:a:exim:exim:4.10:::::::*
exim	exim	4.20	cpe:2.3:a:exim:exim:4.20:::::::*
exim	exim	4.21	cpe:2.3:a:exim:exim:4.21:::::::*
exim	exim	4.22	cpe:2.3:a:exim:exim:4.22:::::::*
exim	exim	4.23	cpe:2.3:a:exim:exim:4.23:::::::*
exim	exim	4.24	cpe:2.3:a:exim:exim:4.24:::::::*
exim	exim	4.30	cpe:2.3:a:exim:exim:4.30:::::::*
exim	exim	4.31	cpe:2.3:a:exim:exim:4.31:::::::*
exim	exim	4.32	cpe:2.3:a:exim:exim:4.32:::::::*