Lucene search

[email protected]NVD:CVE-2010-4345

HistoryDec 14, 2010 - 4:00 p.m.

CVE-2010-4345

2010-12-1416:00:04

CWE-264

[email protected]

web.nvd.nist.gov

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.4 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

46.7%

JSON

Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.

Affected configurations

NVD

Node

eximeximRange≤4.72

eximeximMatch2.10

eximeximMatch2.11

eximeximMatch2.12

eximeximMatch3.00

eximeximMatch3.01

eximeximMatch3.02

eximeximMatch3.03

eximeximMatch3.10

eximeximMatch3.11

eximeximMatch3.12

eximeximMatch3.13

eximeximMatch3.14

eximeximMatch3.15

eximeximMatch3.16

eximeximMatch3.20

eximeximMatch3.21

eximeximMatch3.22

eximeximMatch3.30

eximeximMatch3.31

eximeximMatch3.32

eximeximMatch3.33

eximeximMatch3.34

eximeximMatch3.35

eximeximMatch3.36

eximeximMatch4.00

eximeximMatch4.01

eximeximMatch4.02

eximeximMatch4.03

eximeximMatch4.04

eximeximMatch4.05

eximeximMatch4.10

eximeximMatch4.11

eximeximMatch4.12

eximeximMatch4.14

eximeximMatch4.20

eximeximMatch4.21

eximeximMatch4.22

eximeximMatch4.23

eximeximMatch4.24

eximeximMatch4.30

eximeximMatch4.31

eximeximMatch4.32

eximeximMatch4.33

eximeximMatch4.34

eximeximMatch4.40

eximeximMatch4.41

eximeximMatch4.42

eximeximMatch4.43

eximeximMatch4.44

eximeximMatch4.50

eximeximMatch4.51

eximeximMatch4.52

eximeximMatch4.53

eximeximMatch4.54

eximeximMatch4.60

eximeximMatch4.61

eximeximMatch4.62

eximeximMatch4.63

eximeximMatch4.64

eximeximMatch4.65

eximeximMatch4.66

eximeximMatch4.67

eximeximMatch4.68

eximeximMatch4.69

eximeximMatch4.70

eximeximMatch4.71

References

bugs.exim.org/show_bug.cgi?id=1044

lists.exim.org/lurker/message/20101209.172233.abcba158.en.html

lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html

lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html

openwall.com/lists/oss-security/2010/12/10/1

secunia.com/advisories/42576

secunia.com/advisories/42930

secunia.com/advisories/43128

secunia.com/advisories/43243

www.cpanel.net/2010/12/critical-exim-security-update.html

www.debian.org/security/2010/dsa-2131

www.debian.org/security/2011/dsa-2154

www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html

www.kb.cert.org/vuls/id/758489

www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format

www.openwall.com/lists/oss-security/2021/05/04/7

www.redhat.com/support/errata/RHSA-2011-0153.html

www.securityfocus.com/archive/1/515172/100/0/threaded

www.securityfocus.com/bid/45341

www.securitytracker.com/id?1024859

www.theregister.co.uk/2010/12/11/exim_code_execution_peril/

www.ubuntu.com/usn/USN-1060-1

www.vupen.com/english/advisories/2010/3171

www.vupen.com/english/advisories/2010/3204

www.vupen.com/english/advisories/2011/0135

www.vupen.com/english/advisories/2011/0245

www.vupen.com/english/advisories/2011/0364

bugzilla.redhat.com/show_bug.cgi?id=662012

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.4 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

46.7%

JSON

CVE-2010-4345

Affected configurations

References

Related