CVE-2010-2024: Race Condition
First published: Thu Jun 03 2010(Updated: )
Dan Rosenberg reported that when MBX locking is enabled in exim, local users could exploit a race condition to change permissions of other non-root users' files. This could lead to a denial of service, to create new files owned by other users in unauthorized locations, or to possibly escalate privileges. Further information is available from the upstream bug report [1] and this has been fixed upstream in exim 4.72 [2]. [1] <a href="http://bugs.exim.org/show_bug.cgi?id=989">http://bugs.exim.org/show_bug.cgi?id=989</a> [2] <a href="http://vcs.exim.org/viewvc/exim/exim-src/src/transports/appendfile.c?r1=1.25&r2=1.26">http://vcs.exim.org/viewvc/exim/exim-src/src/transports/appendfile.c?r1=1.25&r2=1.26</a> While exim is built to support the MBX format, it is not the default for local mail delivery (Unix mailbox support is the default). This will only affect users that use the "mbx_format" option in the appendfile transport.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Exim Exim | =4.70 | |
| Exim Exim | =4.69 | |
| Exim Exim | =4.66 | |
| Exim Exim | =4.10 | |
| Exim Exim | =4.24 | |
| Exim Exim | =4.30 | |
| Exim Exim | =4.21 | |
| Exim Exim | =4.51 | |
| Exim Exim | =4.67 | |
| Exim Exim | =4.63 | |
| Exim Exim | =4.43 | |
| Exim Exim | =4.22 | |
| Exim Exim | =4.40 | |
| Exim Exim | =4.52 | |
| Exim Exim | =4.60 | |
| Exim Exim | =4.61 | |
| Exim Exim | =4.68 | |
| Exim Exim | =4.54 | |
| Exim Exim | =4.23 | |
| Exim Exim | =4.62 | |
| Exim Exim | =4.32 | |
| Exim Exim | =4.42 | |
| Exim Exim | =4.31 | |
| Exim Exim | =4.44 | |
| Exim Exim | =4.64 | |
| Exim Exim | =4.41 | |
| Exim Exim | =4.20 | |
| Exim Exim | =4.65 | |
| Exim Exim | =4.53 | |
| Exim Exim | =4.33 | |
| Exim Exim | =4.50 | |
| Exim Exim | <=4.71 | |
| Exim Exim | =4.34 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/advisories/40019
- http://vcs.exim.org/viewvc/exim/exim-src/src/transports/appendfile.c?r1=1.25&r2=1.26
- http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0079.html
- http://vcs.exim.org/viewvc/exim/exim-doc/doc-txt/ChangeLog?view=markup&pathrev=exim-4_72_RC2
- http://lists.exim.org/lurker/message/20100524.175925.9a69f755.en.html
- https://bugzilla.redhat.com/show_bug.cgi?id=600097
- http://bugs.exim.org/show_bug.cgi?id=989
- http://www.vupen.com/english/advisories/2010/1402
- http://www.securityfocus.com/bid/40454
- http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042613.html
- http://secunia.com/advisories/40123
- http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042587.html
- http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
- http://www.ubuntu.com/usn/USN-1060-1
- http://www.vupen.com/english/advisories/2011/0364
- http://secunia.com/advisories/43243
- https://exchange.xforce.ibmcloud.com/vulnerabilities/59042
- http://www.securityfocus.com/archive/1/511653/100/0/threaded
- http://admin.fedoraproject.org/updates/exim-4.72-1.fc12
- http://admin.fedoraproject.org/updates/exim-4.72-1.fc13
- collector/nvd-historical
- collector/nvd-index
- agent/references
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/author
- agent/tags
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2010-2024
- vendor/exim
- canonical/exim exim
- version/exim exim/4.70
- version/exim exim/4.69
- version/exim exim/4.66
- version/exim exim/4.10
- version/exim exim/4.24
- version/exim exim/4.30
- version/exim exim/4.21
- version/exim exim/4.51
- version/exim exim/4.67
- version/exim exim/4.63
- version/exim exim/4.43
- version/exim exim/4.22
- version/exim exim/4.40
- version/exim exim/4.52
- version/exim exim/4.60
- version/exim exim/4.61
- version/exim exim/4.68
- version/exim exim/4.54
- version/exim exim/4.23
- version/exim exim/4.62
- version/exim exim/4.32
- version/exim exim/4.42
- version/exim exim/4.31
- version/exim exim/4.44
- version/exim exim/4.64
- version/exim exim/4.41
- version/exim exim/4.20
- version/exim exim/4.65
- version/exim exim/4.53
- version/exim exim/4.33
- version/exim exim/4.50
- version/exim exim/4.71
- version/exim exim/4.34