CVE-2011-0017 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2011-0017 Interim 1 11 2023-12-09T01:52:34Z current 2021-05-30T12:55:32Z 2023-12-09T01:52:34Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2011-0017 The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/43S464JBRP23WXK2REYQSXZZBYAIDZVN/#43S464JBRP23WXK2REYQSXZZBYAIDZVN E-Mail link for SUSE-SR:2011:004 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Tumbleweed exim-4.86.2-2.2 eximon-4.86.2-2.2 eximstats-html-4.86.2-2.2 exim-4.86.2-2.2 as a component of openSUSE Tumbleweed eximon-4.86.2-2.2 as a component of openSUSE Tumbleweed eximstats-html-4.86.2-2.2 as a component of openSUSE Tumbleweed The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack. CVE-2011-0017 openSUSE Tumbleweed:exim-4.86.2-2.2 openSUSE Tumbleweed:eximon-4.86.2-2.2 openSUSE Tumbleweed:eximstats-html-4.86.2-2.2 moderate 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C