summaryrefslogtreecommitdiff
path: root/doc/doc-txt/ChangeLog
diff options
context:
space:
mode:
authorPhil Pennock <pdp@exim.org>2011-01-21 03:56:02 -0500
committerPhil Pennock <pdp@exim.org>2011-01-21 03:56:02 -0500
commit1670ef10063d7708eb736a482d1ad25b9c59521d (patch)
treecc8ad240887f3dfa0f4f56b228e6d6bbcb376de3 /doc/doc-txt/ChangeLog
parent6545de78cb822ab5db97a2f16fe7a42cc9488bd8 (diff)
Check return values of setgid/setuid.
CVE-2011-0017 One assertion of the unimportance of checking the return value was wrong, in the event of a compromised exim run-time user.
Diffstat (limited to 'doc/doc-txt/ChangeLog')
-rw-r--r--doc/doc-txt/ChangeLog5
1 files changed, 5 insertions, 0 deletions
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index ff375d398..a1bd4e7fc 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -32,6 +32,11 @@ PP/03 Report version information for many libraries, including
version.h, now support a version extension string for distributors
who patch heavily. Dynamic module ABI change.
+PP/04 CVE-2011-0017 - check return value of setuid/setgid. This is a
+ privilege escalation vulnerability whereby the Exim run-time user
+ can cause root to append content of the attacker's choosing to
+ arbitrary files.
+
Exim version 4.73
-----------------