Lucene search

K

[email protected]CVE-2010-4345

HistoryDec 14, 2010 - 4:00 p.m.

CVE-2010-4345

2010-12-1416:00:00

CWE-264

[email protected]

web.nvd.nist.gov

879

In Wild

2

exim

cve-2010-4345

privilege escalation

security vulnerability

8.9 High

AI Score

Confidence

High

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

45.8%

Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.

CPENameOperatorVersion
exim:eximeximeq2.11
exim:eximeximeq4.70
exim:eximeximeq4.69
exim:eximeximeq4.66
exim:eximeximeq4.10
exim:eximeximeq3.16
exim:eximeximeq3.21
exim:eximeximeq3.01
exim:eximeximeq3.31
exim:eximeximeq4.24

Rows per page:

1-10 of 671

References

bugs.exim.org/show_bug.cgi?id=1044

lists.exim.org/lurker/message/20101209.172233.abcba158.en.html

lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html

lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html

openwall.com/lists/oss-security/2010/12/10/1

secunia.com/advisories/42576

secunia.com/advisories/42930

secunia.com/advisories/43128

secunia.com/advisories/43243

www.cpanel.net/2010/12/critical-exim-security-update.html

www.debian.org/security/2010/dsa-2131

www.debian.org/security/2011/dsa-2154

www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html

www.kb.cert.org/vuls/id/758489

www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format

www.openwall.com/lists/oss-security/2021/05/04/7

www.redhat.com/support/errata/RHSA-2011-0153.html

www.securityfocus.com/archive/1/515172/100/0/threaded

www.securityfocus.com/bid/45341

www.securitytracker.com/id?1024859

www.theregister.co.uk/2010/12/11/exim_code_execution_peril/

www.ubuntu.com/usn/USN-1060-1

www.vupen.com/english/advisories/2010/3171

www.vupen.com/english/advisories/2010/3204

www.vupen.com/english/advisories/2011/0135

www.vupen.com/english/advisories/2011/0245

www.vupen.com/english/advisories/2011/0364

bugzilla.redhat.com/show_bug.cgi?id=662012

Social References

More

8.9 High

AI Score

Confidence

High

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

45.8%