CVE-2010-2023

EUVD-2010-2043
transports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the st_nlink field of mailbox files, which allows local users to cause a denial of service or possibly gain privileges by creating a hard link to another user's file.
Race Condition
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 4.4 UNKNOWN | LOCAL | MEDIUM | | AV:L/AC:M/Au:N/C:P/I:P/A:P |
EPSS Score
Percentile: 25%
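Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| exim | exim | 𝑥 ≤ 4.71 |
| exim | exim | 4.10 |
| exim | exim | 4.20 |
| exim | exim | 4.21 |
| exim | exim | 4.22 |
| exim | exim | 4.23 |
| exim | exim | 4.24 |
| exim | exim | 4.30 |
| exim | exim | 4.31 |
| exim | exim | 4.32 |
| exim | exim | 4.33 |
| exim | exim | 4.34 |
| exim | exim | 4.40 |
| exim | exim | 4.41 |
| exim | exim | 4.42 |
| exim | exim | 4.43 |
| exim | exim | 4.44 |
| exim | exim | 4.50 |
| exim | exim | 4.51 |
| exim | exim | 4.52 |
| exim | exim | 4.53 |
| exim | exim | 4.54 |
| exim | exim | 4.60 |
| exim | exim | 4.61 |
| exim | exim | 4.62 |
| exim | exim | 4.63 |
| exim | exim | 4.64 |
| exim | exim | 4.65 |
| exim | exim | 4.66 |
| exim | exim | 4.67 |
| exim | exim | 4.68 |
| exim | exim | 4.69 |
| exim | exim | 4.70 |

𝑥 = Vulnerable software versions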
Debian Releases
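
| Debian Product | Codename | Version | Status |
|---|---|---|---|
| exim4 | bookworm | 4.96-15+deb12u5 | fixed |
| exim4 | bookworm (security) | 4.96-15+deb12u5 | fixed |
| exim4 | bullseye | 4.94.2-7+deb11u3 | fixed |
| exim4 | bullseye (security) | 4.94.2-7+deb11u4 | fixed |
| exim4 | lenny | | no-dsa |
| exim4 | sid | 4.98-2 | fixed |
| exim4 | trixie | 4.98-2 | fixed |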
Ubuntu Releases
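
| Ubuntu Product | Codename | Version | Status |
|---|---|---|---|
| exim4 | dapper | Fixed 4.60-3ubuntu3.3 | released |
| exim4 | hardy | Fixed 4.69-2ubuntu0.3 | released |
| exim4 | jaunty | | ignored |
| exim4 | karmic | Fixed 4.69-11ubuntu4.2 | released |
| exim4 | lucid | Fixed 4.71-3ubuntu1.1 | released |
| exim4 | maverick | Fixed 4.72-1ubuntu1 | released |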