Lucene search

K

AttackerKBAKB:974D469A-E298-4732-8196-6B15E0954958

HistoryDec 14, 2010 - 12:00 a.m.

CVE-2010-4345

2010-12-1400:00:00

attackerkb.com

17

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

46.7%

Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.

Recent assessments:

Assessed Attacker Value: 0
Assessed Attacker Value: 0Assessed Attacker Value: 0

References

bugs.exim.org/show_bug.cgi?id=1044

lists.exim.org/lurker/message/20101209.172233.abcba158.en.html

lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html

lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html

openwall.com/lists/oss-security/2010/12/10/1

secunia.com/advisories/42576

secunia.com/advisories/42930

secunia.com/advisories/43128

secunia.com/advisories/43243

www.cpanel.net/2010/12/critical-exim-security-update.html

www.debian.org/security/2010/dsa-2131

www.debian.org/security/2011/dsa-2154

www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html

www.kb.cert.org/vuls/id/758489

www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format

www.openwall.com/lists/oss-security/2021/05/04/7

www.redhat.com/support/errata/RHSA-2011-0153.html

www.securityfocus.com/archive/1/515172/100/0/threaded

www.securityfocus.com/bid/45341

www.securitytracker.com/id?1024859

www.theregister.co.uk/2010/12/11/exim_code_execution_peril

www.theregister.co.uk/2010/12/11/exim_code_execution_peril/

www.ubuntu.com/usn/USN-1060-1

www.vupen.com/english/advisories/2010/3171

www.vupen.com/english/advisories/2010/3204

www.vupen.com/english/advisories/2011/0135

www.vupen.com/english/advisories/2011/0245

www.vupen.com/english/advisories/2011/0364

access.redhat.com/errata/RHSA-2011:0153

access.redhat.com/security/cve/CVE-2010-4345

bugzilla.redhat.com/show_bug.cgi?id=662012

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4345

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

46.7%

Related for AKB:974D469A-E298-4732-8196-6B15E0954958