File Descriptor Exposure in Exim Mail Transfer Agent by Exim
CVE-2020-28012

7.8HIGH

Key Information:

Vendor: Exim
Status: Exim
Vendor: CVE Published:; 6 May 2021

What is CVE-2020-28012?

The Exim Mail Transfer Agent prior to version 4.94.2 contains a vulnerability that may allow for the exposure of a file descriptor due to a flaw in the rda_interpret function. This flaw arises from the use of a privileged pipe that does not implement a close-on-exec flag, increasing the risk of unintended control over file descriptors by malicious entities. It is critical for users of the affected versions to review their systems and apply the necessary updates to mitigate potential exploitation.

References

https://www.exim.org/static/doc/security/CVE-2020-qualys/...

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 6, 2021
Vulnerability Reserved
Oct 30, 2020