Описание
transports/appendfile.c in Exim before 4.72, when MBX locking is enabled, allows local users to change permissions of arbitrary files or create arbitrary files, and cause a denial of service or possibly gain privileges, via a symlink attack on a lockfile in /tmp/.
Отчет
The Red Hat Security Response Team has rated this issue as having low security impact. While support for the MBX mailbox format is compiled into Exim, it is not used by default. MBX mailboxes are only useful when used with UW-IMAP or the Pine mail client, neither of which are provided with Red Hat Enterprise Linux. If the MBX format is used, this issue can be worked around by specifying "use_fcntl_lock" rather than "use_mbx_lock". We therefore have no plans to fix this flaw in Red Hat Enterprise Linux 4 or 5.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 4 | exim | Affected | ||
| Red Hat Enterprise Linux 5 | exim | Affected |
Показывать по
Дополнительная информация
Связанные уязвимости
transports/appendfile.c in Exim before 4.72, when MBX locking is enabled, allows local users to change permissions of arbitrary files or create arbitrary files, and cause a denial of service or possibly gain privileges, via a symlink attack on a lockfile in /tmp/.
transports/appendfile.c in Exim before 4.72, when MBX locking is enabled, allows local users to change permissions of arbitrary files or create arbitrary files, and cause a denial of service or possibly gain privileges, via a symlink attack on a lockfile in /tmp/.
transports/appendfile.c in Exim before 4.72, when MBX locking is enabl ...
transports/appendfile.c in Exim before 4.72, when MBX locking is enabled, allows local users to change permissions of arbitrary files or create arbitrary files, and cause a denial of service or possibly gain privileges, via a symlink attack on a lockfile in /tmp/.