CVE-2010-2023
CVE-2010-2023 is a vulnerability of currently unknown severity. transports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the st_nlink field of mailbox files, which allows local users to cause a denial of service or possibly gain privileges by creating a hard link to another user's file. EPSS estimates a 0.28% chance of exploitation in the next 30 days.
Description
transports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the st_nlink field of mailbox files, which allows local users to cause a denial of service or possibly gain privileges by creating a hard link to another user's file.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Exim | Exim | <= 4.71 |
| Exim | Exim | 4.10 |
| Exim | Exim | 4.20 |
| Exim | Exim | 4.21 |
| Exim | Exim | 4.22 |
| Exim | Exim | 4.23 |
| Exim | Exim | 4.24 |
| Exim | Exim | 4.30 |
| Exim | Exim | 4.31 |
| Exim | Exim | 4.32 |
| Exim | Exim | 4.33 |
| Exim | Exim | 4.34 |
| Exim | Exim | 4.40 |
| Exim | Exim | 4.41 |
| Exim | Exim | 4.42 |
| Exim | Exim | 4.43 |
| Exim | Exim | 4.44 |
| Exim | Exim | 4.50 |
| Exim | Exim | 4.51 |
| Exim | Exim | 4.52 |
| Exim | Exim | 4.53 |
| Exim | Exim | 4.54 |
| Exim | Exim | 4.60 |
| Exim | Exim | 4.61 |
| Exim | Exim | 4.62 |
| Exim | Exim | 4.63 |
| Exim | Exim | 4.64 |
| Exim | Exim | 4.65 |
| Exim | Exim | 4.66 |
| Exim | Exim | 4.67 |
| Exim | Exim | 4.68 |
| Exim | Exim | 4.69 |
| Exim | Exim | 4.70 |
References
- http://secunia.com/advisories/40019 (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status: Modified
Source: NVD / NIST
