Exim 4 before 4.94.2 has Execution with Unnecessary Privileges. By leveraging a delete_pid_file race condition, a local user can delete arbitrary files as root. This involves the -oP and -oPX options.
References
| Link | Resource |
|---|---|
| https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28007-LFDIR.txt | Exploit Vendor Advisory |
| https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28007-LFDIR.txt | Exploit Vendor Advisory |
Configurations
History
21 Nov 2024, 05:57
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28007-LFDIR.txt - Exploit, Vendor Advisory |
Information
Published : 2021-05-06 13:15
Updated : 2024-11-21 05:57
NVD link : CVE-2021-27216
Mitre link : CVE-2021-27216
CVE.ORG link : CVE-2021-27216
JSON object : View
Products Affected
exim
- exim
CWE
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')