Launchpad.net

CVE 2010-2023

transports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the st_nlink field of mailbox files, which allows local users to cause a denial of service or possibly gain privileges by creating a hard link to another user's file.

Related bugs and status

CVE-2010-2023 (Candidate) is related to these bugs:

Bug #609620: Merge exim4 4.72-1 (main) from Debian unstable (main)

Summary				In	Importance	Status
	609620	Merge exim4 4.72-1 (main) from Debian unstable (main)		exim4 (Ubuntu)	Undecided	Fix Released

Bug #708023: exim 4.74 released fixes CVE-2011-0017

		In	Importance	Status
708023	exim 4.74 released fixes CVE-2011-0017	exim4 (Ubuntu)	Medium	Fix Released
708023	exim 4.74 released fixes CVE-2011-0017	exim4 (Ubuntu Hardy)	Medium	Fix Released
708023	exim 4.74 released fixes CVE-2011-0017	exim4 (Ubuntu Dapper)	Medium	Fix Released
708023	exim 4.74 released fixes CVE-2011-0017	exim4 (Ubuntu Lucid)	Medium	Fix Released
708023	exim 4.74 released fixes CVE-2011-0017	exim4 (Ubuntu Natty)	Medium	Fix Released
708023	exim 4.74 released fixes CVE-2011-0017	exim4 (Ubuntu Maverick)	Medium	Fix Released
708023	exim 4.74 released fixes CVE-2011-0017	exim4 (Ubuntu Karmic)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2010-2023

Related bugs and status

Related bugs

References