CVE-2020-28008 - log back

CVE-2020-28008 edited at 06 May 2021 17:13:58
Type
- Privilege escalation
+ Arbitrary command execution
Description
- A security issue has been found in Exim before version 4.94.2 that allows for a local privilege escalation from user "exim" to root using assorted attacks in Exim's spool directory.
+ Exim 4 before 4.94.2 allows execution with unnecessary privileges. Because Exim operates as root in the spool directory (owned by a non-root user), an attacker can write to a /var/spool/exim4/input spool header file, in which a crafted recipient address can indirectly lead to command execution.
CVE-2020-28008 edited at 04 May 2021 14:21:26
Description
- A security issue has been found in Exim before version 4.94.2 that allows for assorted attacks in Exim's spool directory.
+ A security issue has been found in Exim before version 4.94.2 that allows for a local privilege escalation from user "exim" to root using assorted attacks in Exim's spool directory.
CVE-2020-28008 edited at 04 May 2021 14:16:31
Type
- Information disclosure
+ Privilege escalation
References
https://www.openwall.com/lists/oss-security/2021/05/04/6
https://www.qualys.com/2021/05/04/21nails/21nails.txt
+ https://git.exim.org/exim.git/commitdiff/b05dc3573f4cd476482374b0ac0393153d344338
Notes
CVE-2020-28008 edited at 04 May 2021 13:51:24
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Information disclosure
Description
+ A security issue has been found in Exim before version 4.94.2 that allows for assorted attacks in Exim's spool directory.
References
+ https://www.openwall.com/lists/oss-security/2021/05/04/6
+ https://www.qualys.com/2021/05/04/21nails/21nails.txt
CVE-2020-28008 created at 04 May 2021 13:46:53