CVE-2011-0017
EPSS 0.12%
Description
The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack.
How to fix CVE-2011-0017
To remediate CVE-2011-0017, upgrade the affected package to one of the fixed versions listed below.
- Debian/exim4—upgrade to 4.72-4 or later
Is CVE-2011-0017 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Debian/exim4: all versions from 0 up to, but not including, 4.72-4