CVE-2020-28014 - log back

CVE-2020-28014 edited at 06 May 2021 17:18:22
Description
- A security issue has been found in Exim before version 4.94.2. An attacker who obtained the privileges of the "exim" user can abuse the -oP override_pid_file_path option to create (or overwrite) an arbitrary file, as root. The attacker does not, however, control the contents of this file.
+ Exim 4 before 4.94.2 allows execution with unnecessary privileges. The -oP option is available to the exim user, and allows a denial of service because root-owned files can be overwritten.
CVE-2020-28014 edited at 04 May 2021 14:29:49
Severity
- Low
+ Medium
Type
- Arbitrary filesystem access
+ Arbitrary file overwrite
Description
- A security issue has been found in Exim before version 4.94.2 that allows for arbitrary PID file creation.
+ A security issue has been found in Exim before version 4.94.2. An attacker who obtained the privileges of the "exim" user can abuse the -oP override_pid_file_path option to create (or overwrite) an arbitrary file, as root. The attacker does not, however, control the contents of this file.
References
https://www.openwall.com/lists/oss-security/2021/05/04/6
https://www.qualys.com/2021/05/04/21nails/21nails.txt
+ https://git.exim.org/exim.git/commitdiff/43c6f0b83200b7082353c50187ef75de3704580a
Notes
CVE-2020-28014 edited at 04 May 2021 13:56:35
Severity
- Unknown
+ Low
Remote
- Unknown
+ Local
Type
- Unknown
+ Arbitrary filesystem access
Description
+ A security issue has been found in Exim before version 4.94.2 that allows for arbitrary PID file creation.
References
+ https://www.openwall.com/lists/oss-security/2021/05/04/6
+ https://www.qualys.com/2021/05/04/21nails/21nails.txt
CVE-2020-28014 created at 04 May 2021 13:46:53