transports/appendfile.c in Exim before 4.72, when MBX locking is enabled, allows local users to change permissions of arbitrary files or create arbitrary files, and cause a denial of service or possibly gain privileges, via a symlink attack on a lockfile in /tmp/.
Max CVSS
4.4
EPSS Score
0.04%
Published
2010-06-07
Updated
2018-10-10
transports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the st_nlink field of mailbox files, which allows local users to cause a denial of service or possibly gain privileges by creating a hard link to another user's file.
Max CVSS
4.4
EPSS Score
0.04%
Published
2010-06-07
Updated
2018-10-10
2 vulnerabilities found