CVE-2010-2023

Name of the Vulnerable Software and Affected Versions Exim versions prior to 4.72

Description The issue arises when a world-writable mail directory with the sticky-bit activated is used. In this scenario, the software fails to verify the st nlink field of mailbox files. This oversight allows local users to potentially cause a denial of service or gain privileges by creating a hard link to another user's file.

Recommendations For versions prior to 4.72, update to version 4.72 or later to resolve the issue. As a temporary workaround, consider restricting write access to the mail directory to prevent local users from creating hard links to other users' files.