CVE-2021-27216: Race Condition
First published: Thu May 06 2021(Updated: )
Exim 4 before 4.94.2 has Execution with Unnecessary Privileges. By leveraging a delete_pid_file race condition, a local user can delete arbitrary files as root. This involves the -oP and -oPX options.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Exim Exim | <4.94.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2021-27216?
CVE-2021-27216 is a vulnerability in Exim 4 before version 4.94.2 that allows a local user to delete arbitrary files as root.
What is the severity of CVE-2021-27216?
CVE-2021-27216 has a severity rating of 6.3 (medium).
How does CVE-2021-27216 work?
CVE-2021-27216 leverages a delete_pid_file race condition to allow a local user to delete files as root.
What software versions are affected by CVE-2021-27216?
CVE-2021-27216 affects Exim versions up to but excluding 4.94.2.
Is there a fix for CVE-2021-27216?
Yes, upgrading to Exim version 4.94.2 or later fixes CVE-2021-27216.
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/event
- agent/type
- agent/description
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/exim
- canonical/exim exim