CVE-2021-27216

Public on 2021-05-06
Modified on 2022-08-05
Description

Exim 4 before 4.94.2 has Execution with Unnecessary Privileges. By leveraging a delete_pid_file race condition, a local user can delete arbitrary files as root. This involves the -oP and -oPX options.

Severity
Medium
See what this means
CVSS v3 Base Score
6.3
See breakdown

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 1 exim 2022-08-05 ALAS-2022-1622

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv2 6.3 AV:L/AC:M/Au:N/C:N/I:C/A:C
Amazon Linux CVSSv3 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
NVD CVSSv2 6.3 AV:L/AC:M/Au:N/C:N/I:C/A:C
NVD CVSSv3 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H