transports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the st_nlink field of mailbox files, which allows local users to cause a denial of service or possibly gain privileges by creating a hard link to another user's file.
2010-06-07T17:12:48.247
2025-04-11T00:51:21.963
Deferred
CVSSv2: 4.4 (MEDIUM)
AV:L/AC:M/Au:N/C:P/I:P/A:P
3.4
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | exim | exim | ≤ 4.71 | Yes |
| Application | exim | exim | 4.10 | Yes |
| Application | exim | exim | 4.20 | Yes |
| Application | exim | exim | 4.21 | Yes |
| Application | exim | exim | 4.22 | Yes |
| Application | exim | exim | 4.23 | Yes |
| Application | exim | exim | 4.24 | Yes |
| Application | exim | exim | 4.30 | Yes |
| Application | exim | exim | 4.31 | Yes |
| Application | exim | exim | 4.32 | Yes |
| Application | exim | exim | 4.33 | Yes |
| Application | exim | exim | 4.34 | Yes |
| Application | exim | exim | 4.40 | Yes |
| Application | exim | exim | 4.41 | Yes |
| Application | exim | exim | 4.42 | Yes |
| Application | exim | exim | 4.43 | Yes |
| Application | exim | exim | 4.44 | Yes |
| Application | exim | exim | 4.50 | Yes |
| Application | exim | exim | 4.51 | Yes |
| Application | exim | exim | 4.52 | Yes |
| Application | exim | exim | 4.53 | Yes |
| Application | exim | exim | 4.54 | Yes |
| Application | exim | exim | 4.60 | Yes |
| Application | exim | exim | 4.61 | Yes |
| Application | exim | exim | 4.62 | Yes |
| Application | exim | exim | 4.63 | Yes |
| Application | exim | exim | 4.64 | Yes |
| Application | exim | exim | 4.65 | Yes |
| Application | exim | exim | 4.66 | Yes |
| Application | exim | exim | 4.67 | Yes |
| Application | exim | exim | 4.68 | Yes |
| Application | exim | exim | 4.69 | Yes |
| Application | exim | exim | 4.70 | Yes |