Vulnerability CVE-2021-27216
Published: 2021-05-06

Description:
Exim 4 before 4.94.2 has Execution with Unnecessary Privileges. By leveraging a delete_pid_file race condition, a local user can delete arbitrary files as root. This involves the -oP and -oPX options.

Type:

CWE-269

 (Improper Privilege Management)

CVSS2 => (AV:L/AC:M/Au:N/C:N/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.3/10
9.2/10
3.4/10
Exploit range
Attack complexity
Authentication
Local
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
Complete
Complete
Affected software
EXIM -> EXIM 

 References:
https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28007-LFDIR.txt
Copyright 2024, cxsecurity.com

 

Back to Top