CVE-2010-2024

Name of the Vulnerable Software and Affected Versions Exim versions prior to 4.72

Description The issue allows local users to change permissions of arbitrary files or create arbitrary files, and cause a denial of service or possibly gain privileges, via a symlink attack on a lockfile in /tmp/. This is possible when MBX locking is enabled.

Recommendations For Exim versions prior to 4.72, update to version 4.72 or later to resolve the issue. As a temporary workaround, consider disabling MBX locking to minimize the risk of exploitation. Restrict access to the /tmp/ directory to prevent symlink attacks on lockfiles.