CVE-2010-2024

2010-06-0717:12:48

Debian Security Bug Tracker

security-tracker.debian.org

CVSS2

4.4

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

EPSS

Percentile

10.1%

JSON

transports/appendfile.c in Exim before 4.72, when MBX locking is enabled, allows local users to change permissions of arbitrary files or create arbitrary files, and cause a denial of service or possibly gain privileges, via a symlink attack on a lockfile in /tmp/.

OSVersionArchitecturePackageVersionFilename
Debian12allexim4< 4.72-1exim4_4.72-1_all.deb
Debian11allexim4< 4.72-1exim4_4.72-1_all.deb
Debian999allexim4< 4.72-1exim4_4.72-1_all.deb
Debian13allexim4< 4.72-1exim4_4.72-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	exim4	< 4.72-1	exim4_4.72-1_all.deb
Debian	11	all	exim4	< 4.72-1	exim4_4.72-1_all.deb
Debian	999	all	exim4	< 4.72-1	exim4_4.72-1_all.deb
Debian	13	all	exim4	< 4.72-1	exim4_4.72-1_all.deb