CVE-2020-28012 - log back

CVE-2020-28012 edited at 06 May 2021 17:17:06
Description
- A security issue has been found in Exim before version 4.94.2 that allows for a local privilege escalation from any user to root if allow_filter is true, using a missing close-on-exec flag for a privileged pipe.
+ Exim 4 before 4.94.2 allows exposure of file descriptors to an unintended control sphere because rda_interpret uses a privileged pipe that lacks a close-on-exec flag.
CVE-2020-28012 edited at 04 May 2021 14:27:32
Type
- Information disclosure
+ Privilege escalation
Description
- A missing close-on-exec flag for privileged pipe has been found in Exim before version 4.94.2.
+ A security issue has been found in Exim before version 4.94.2 that allows for a local privilege escalation from any user to root if allow_filter is true, using a missing close-on-exec flag for a privileged pipe.
References
https://www.openwall.com/lists/oss-security/2021/05/04/6
https://www.qualys.com/2021/05/04/21nails/21nails.txt
+ https://git.exim.org/exim.git/commitdiff/645a31d16195bb6b73f0a0d0c04b2251e5b28421
Notes
CVE-2020-28012 edited at 04 May 2021 13:55:14
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Information disclosure
Description
+ A missing close-on-exec flag for privileged pipe has been found in Exim before version 4.94.2.
References
+ https://www.openwall.com/lists/oss-security/2021/05/04/6
+ https://www.qualys.com/2021/05/04/21nails/21nails.txt
CVE-2020-28012 created at 04 May 2021 13:46:53