CVE-2021-27216

Published: 06/05/2021 Updated: 13/05/2021
CVSS v2 Base Score: 6.3 | Impact Score: 9.2 | Exploitability Score: 3.4
CVSS v3 Base Score: 6.3 | Impact Score: 5.2 | Exploitability Score: 1
VMScore: 561
Vector: AV:L/AC:M/Au:N/C:N/I:C/A:C

Vulnerability Summary

Exim 4 prior to 4.94.2 has Execution with Unnecessary Privileges. By leveraging a delete_pid_file race condition, a local user can delete arbitrary files as root. This involves the -oP and -oPX options.

Vulnerable Product

exim exim

Vendor Advisories

Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the log directory (owned by a non-root user), a symlink or hard link attack allows overwriting critical root-owned files anywhere on the filesystem (CVE-2020-28007).

Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim oper ...