Launchpad.net

CVE 2010-2024

transports/appendfile.c in Exim before 4.72, when MBX locking is enabled, allows local users to change permissions of arbitrary files or create arbitrary files, and cause a denial of service or possibly gain privileges, via a symlink attack on a lockfile in /tmp/.

Related bugs and status

CVE-2010-2024 (Candidate) is related to these bugs:

Bug #609620: Merge exim4 4.72-1 (main) from Debian unstable (main)

Summary				In	Importance	Status
	609620	Merge exim4 4.72-1 (main) from Debian unstable (main)		exim4 (Ubuntu)	Undecided	Fix Released

Bug #708023: exim 4.74 released fixes CVE-2011-0017

		In	Importance	Status
708023	exim 4.74 released fixes CVE-2011-0017	exim4 (Ubuntu)	Medium	Fix Released
708023	exim 4.74 released fixes CVE-2011-0017	exim4 (Ubuntu Hardy)	Medium	Fix Released
708023	exim 4.74 released fixes CVE-2011-0017	exim4 (Ubuntu Dapper)	Medium	Fix Released
708023	exim 4.74 released fixes CVE-2011-0017	exim4 (Ubuntu Lucid)	Medium	Fix Released
708023	exim 4.74 released fixes CVE-2011-0017	exim4 (Ubuntu Natty)	Medium	Fix Released
708023	exim 4.74 released fixes CVE-2011-0017	exim4 (Ubuntu Maverick)	Medium	Fix Released
708023	exim 4.74 released fixes CVE-2011-0017	exim4 (Ubuntu Karmic)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2010-2024

Related bugs and status

Related bugs

References