CVE-2010-2023

transports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the st_nlink field of mailbox files, which allows local users to cause a denial of service or possibly gain privileges by creating a hard link to another user's file.
Race Condition
Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector
NIST | NIST | 4.4 UNKNOWN | LOCAL | MEDIUM | | AV:L/AC:M/Au:N/C:P/I:P/A:P
mitre | CNA | --- | ---
CVE | ADP | --- | ---
EPSS Score
Percentile: 23%
Vendor | Product | Version
exim | exim | 𝑥 ≤ 4.71
exim | exim | 4.10
exim | exim | 4.20
exim | exim | 4.21
exim | exim | 4.22
exim | exim | 4.23
exim | exim | 4.24
exim | exim | 4.30
exim | exim | 4.31
exim | exim | 4.32
exim | exim | 4.33
exim | exim | 4.34
exim | exim | 4.40
exim | exim | 4.41
exim | exim | 4.42
exim | exim | 4.43
exim | exim | 4.44
exim | exim | 4.50
exim | exim | 4.51
exim | exim | 4.52
exim | exim | 4.53
exim | exim | 4.54
exim | exim | 4.60
exim | exim | 4.61
exim | exim | 4.62
exim | exim | 4.63
exim | exim | 4.64
exim | exim | 4.65
exim | exim | 4.66
exim | exim | 4.67
exim | exim | 4.68
exim | exim | 4.69
exim | exim | 4.70
𝑥 = Vulnerable software versions
Debian Releases
Debian Product | Codename
exim4 | bullseye | 4.94.2-7+deb11u3 | fixed
exim4 | lenny | no-dsa
exim4 | bullseye (security) | 4.94.2-7+deb11u4 | fixed
exim4 | bookworm | 4.96-15+deb12u5 | fixed
exim4 | bookworm (security) | 4.96-15+deb12u5 | fixed
exim4 | sid | 4.98-2 | fixed
exim4 | trixie | 4.98-2 | fixed
Ubuntu Releases
Ubuntu Product | Codename
exim4 | maverick | Fixed 4.72-1ubuntu1 | released
exim4 | lucid | Fixed 4.71-3ubuntu1.1 | released
exim4 | karmic | Fixed 4.69-11ubuntu4.2 | released
exim4 | jaunty | ignored
exim4 | hardy | Fixed 4.69-2ubuntu0.3 | released
exim4 | dapper | Fixed 4.60-3ubuntu3.3 | released
References