The Red Hat Security Response Team has rated this issue as having low security impact. By default, /var/spool/mail/ is not provided with permissions to make an attack scenario possible, and there is no reason for permissions to be relaxed in such a way as to make it possible. We therefore have no plans to fix this flaw in Red Hat Enterprise Linux 4 or 5.
CVSS v2 metrics
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Affected Packages State
|Red Hat Enterprise Linux 5||exim||Affected|
|Red Hat Enterprise Linux 4||exim||Affected|