Execution with Unnecessary Privileges in Exim by Exim Software
CVE-2021-27216

6.3 MEDIUM

Key Information:

Vendor: Exim
Status: Vendor
CVE Published: 6 May 2021

What is CVE-2021-27216?

The vulnerability is present in Exim versions earlier than 4.94.2 and allows local users to exploit a race condition involving the delete_pid_file function. By leveraging the -oP and -oPX options, a local attacker can gain unauthorized file deletion capabilities, executing commands with root-level permissions. This flaw poses a significant risk, as it may lead to loss of data integrity and unauthorized access to sensitive system files.

References

CVSS V3.1

Score: 6.3
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
