authordelphij <delphij@FreeBSD.org>2011-02-12 03:40:12 +0800
committerdelphij <delphij@FreeBSD.org>2011-02-12 03:40:12 +0800
commit79c9c839b218e4a182c06201bb20e29355b954ce (patch)
tree34f80ae793ead8d5c01b7748fa5834632f9488e9
parent308eac1af74e5fcb7847aa50de972ab386ba061b (diff)
Document exim local privilege escalation vulnerability.
Submitted by: Tim Zingelman <tez netbsd.org>
-rw-r--r--security/vuxml/vuln.xml35
1 files changed, 35 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index e60d714e49b0..b5180c5e61f7 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -34,6 +34,41 @@ Note: Please add new entries to the beginning of this file.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="44ccfab0-3564-11e0-8e81-0022190034c0">
+ <topic>exim -- local privilege escalation</topic>
+ <affects>
+ <package>
+ <name>exim</name>
+ <name>exim-ldap</name>
+ <name>exim-ldap2</name>
+ <name>exim-mysql</name>
+ <name>exim-postgresql</name>
+ <name>exim-sa-exim</name>
+ <range><lt>4.74</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>exim.org reports:</p>
+ <blockquote cite="ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.74">
+ <p>CVE-2011-0017 - check return value of setuid/setgid. This is a
+ privilege escalation vulnerability whereby the Exim run-time user
+ can cause root to append content of the attacker's choosing to
+ arbitrary files.
+ </p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2011-0017</cvename>
+ <url>ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.74</url>
+ </references>
+ <dates>
+ <discovery>2011-01-31</discovery>
+ <entry>2011-02-10</entry>
+ </dates>
+ </vuln>
+
<vuln vid="f2b43905-3545-11e0-8e81-0022190034c0">
<topic>openoffice.org -- Multiple vulnerabilities</topic>
<affects>
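Review bot: The `<entry>` date in the added `<dates>` block is 2011-02-10, but the commit record is dated 2011-02-12 03:40 +0800 (2011-02-11 UTC), so the entry claims a publication date earlier than the commit that introduces it. Anything that sorts or filters advisories by entry date would treat this one as older than it is; if the date was carried over from the submission, I would set it to the commit date, `<entry>2011-02-11</entry>`. Separately, the single `<range><lt>4.74</lt></range>` is applied to all six package names, and the page does not show whether each of them (exim-sa-exim in particular) uses a version string that compares cleanly against 4.74, so that is worth confirming before relying on the match.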