CVE-2020-28015 - log

CVE-2020-28015 edited at 06 May 2021 17:18:56
Description
- A security issue has been found in Exim before version 4.94.2 that allows for a local privilege escalation from any user to root using new-line injection into spool header files.
+ Exim 4 before 4.94.2 has improper neutralization of line delimiters. Local users can alter the behavior of root processes because a recipient address can have a newline character.
CVE-2020-28015 edited at 04 May 2021 14:32:51
Severity
- Low
+ Medium
Type
- Incorrect calculation
+ Privilege escalation
Description
- A security issue has been found in Exim before version 4.94.2 that allows for new-line injection into spool header files (local).
+ A security issue has been found in Exim before version 4.94.2 that allows for a local privilege escalation from any user to root using new-line injection into spool header files.
References
https://www.openwall.com/lists/oss-security/2021/05/04/6
https://www.qualys.com/2021/05/04/21nails/21nails.txt
+ https://git.exim.org/exim.git/commitdiff/fcddccd650178ceeec3655c6c40f420164a8706e
Notes
CVE-2020-28015 edited at 04 May 2021 13:58:02
Severity
- Unknown
+ Low
Remote
- Unknown
+ Local
Type
- Unknown
+ Incorrect calculation
Description
+ A security issue has been found in Exim before version 4.94.2 that allows for new-line injection into spool header files (local).
References
+ https://www.openwall.com/lists/oss-security/2021/05/04/6
+ https://www.qualys.com/2021/05/04/21nails/21nails.txt
CVE-2020-28015 created at 04 May 2021 13:46:53