Vulnerability Details CVE-2010-4345
Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.117
EPSS Ranking 93.3%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 6.9
Proposed Action
Exim allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands.
Ransomware Campaign
Unknown
References
- http://bugs.exim.org/show_bug.cgi?id=1044
- http://lists.exim.org/lurker/message/20101209.172233.abcba158.en.html
- http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html
- http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html
- http://openwall.com/lists/oss-security/2010/12/10/1
- http://secunia.com/advisories/42576
- http://secunia.com/advisories/42930
- http://secunia.com/advisories/43128
- http://secunia.com/advisories/43243
- http://www.cpanel.net/2010/12/critical-exim-security-update.html
- http://www.debian.org/security/2010/dsa-2131
- http://www.debian.org/security/2011/dsa-2154
- http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html
- http://www.kb.cert.org/vuls/id/758489
- http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format
- http://www.openwall.com/lists/oss-security/2021/05/04/7
- http://www.redhat.com/support/errata/RHSA-2011-0153.html
- http://www.securityfocus.com/archive/1/515172/100/0/threaded
- http://www.securityfocus.com/bid/45341
- http://www.securitytracker.com/id?1024859
- http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/
- http://www.ubuntu.com/usn/USN-1060-1
- http://www.vupen.com/english/advisories/2010/3171
- http://www.vupen.com/english/advisories/2010/3204
- http://www.vupen.com/english/advisories/2011/0135
- http://www.vupen.com/english/advisories/2011/0245
- http://www.vupen.com/english/advisories/2011/0364
- https://bugzilla.redhat.com/show_bug.cgi?id=662012
- http://bugs.exim.org/show_bug.cgi?id=1044
- http://lists.exim.org/lurker/message/20101209.172233.abcba158.en.html
- http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html
- http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html
- http://openwall.com/lists/oss-security/2010/12/10/1
- http://secunia.com/advisories/42576
- http://secunia.com/advisories/42930
- http://secunia.com/advisories/43128
- http://secunia.com/advisories/43243
- http://www.cpanel.net/2010/12/critical-exim-security-update.html
- http://www.debian.org/security/2010/dsa-2131
- http://www.debian.org/security/2011/dsa-2154
- http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html
- http://www.kb.cert.org/vuls/id/758489
- http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format
- http://www.openwall.com/lists/oss-security/2021/05/04/7
- http://www.redhat.com/support/errata/RHSA-2011-0153.html
- http://www.securityfocus.com/archive/1/515172/100/0/threaded
- http://www.securityfocus.com/bid/45341
- http://www.securitytracker.com/id?1024859
- http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/
- http://www.ubuntu.com/usn/USN-1060-1
- http://www.vupen.com/english/advisories/2010/3171
- http://www.vupen.com/english/advisories/2010/3204
- http://www.vupen.com/english/advisories/2011/0135
- http://www.vupen.com/english/advisories/2011/0245
- http://www.vupen.com/english/advisories/2011/0364
- https://bugzilla.redhat.com/show_bug.cgi?id=662012
Products affected by CVE-2010-4345
-
cpe:2.3:a:exim:exim:-
-
cpe:2.3:a:exim:exim:2.10
-
cpe:2.3:a:exim:exim:2.11
-
cpe:2.3:a:exim:exim:2.12
-
cpe:2.3:a:exim:exim:3.00
-
cpe:2.3:a:exim:exim:3.01
-
cpe:2.3:a:exim:exim:3.02
-
cpe:2.3:a:exim:exim:3.03
-
cpe:2.3:a:exim:exim:3.10
-
cpe:2.3:a:exim:exim:3.11
-
cpe:2.3:a:exim:exim:3.12
-
cpe:2.3:a:exim:exim:3.13
-
cpe:2.3:a:exim:exim:3.14
-
cpe:2.3:a:exim:exim:3.15
-
cpe:2.3:a:exim:exim:3.16
-
cpe:2.3:a:exim:exim:3.20
-
cpe:2.3:a:exim:exim:3.21
-
cpe:2.3:a:exim:exim:3.22
-
cpe:2.3:a:exim:exim:3.30
-
cpe:2.3:a:exim:exim:3.31
-
cpe:2.3:a:exim:exim:3.32
-
cpe:2.3:a:exim:exim:3.33
-
cpe:2.3:a:exim:exim:3.34
-
cpe:2.3:a:exim:exim:3.35
-
cpe:2.3:a:exim:exim:3.36
-
cpe:2.3:a:exim:exim:4.00
-
cpe:2.3:a:exim:exim:4.01
-
cpe:2.3:a:exim:exim:4.02
-
cpe:2.3:a:exim:exim:4.03
-
cpe:2.3:a:exim:exim:4.04
-
cpe:2.3:a:exim:exim:4.05
-
cpe:2.3:a:exim:exim:4.10
-
cpe:2.3:a:exim:exim:4.11
-
cpe:2.3:a:exim:exim:4.12
-
cpe:2.3:a:exim:exim:4.14
-
cpe:2.3:a:exim:exim:4.20
-
cpe:2.3:a:exim:exim:4.21
-
cpe:2.3:a:exim:exim:4.22
-
cpe:2.3:a:exim:exim:4.23
-
cpe:2.3:a:exim:exim:4.24
-
cpe:2.3:a:exim:exim:4.30
-
cpe:2.3:a:exim:exim:4.31
-
cpe:2.3:a:exim:exim:4.32
-
cpe:2.3:a:exim:exim:4.33
-
cpe:2.3:a:exim:exim:4.34
-
cpe:2.3:a:exim:exim:4.40
-
cpe:2.3:a:exim:exim:4.41
-
cpe:2.3:a:exim:exim:4.42
-
cpe:2.3:a:exim:exim:4.43
-
cpe:2.3:a:exim:exim:4.44
-
cpe:2.3:a:exim:exim:4.50
-
cpe:2.3:a:exim:exim:4.51
-
cpe:2.3:a:exim:exim:4.52
-
cpe:2.3:a:exim:exim:4.53
-
cpe:2.3:a:exim:exim:4.54
-
cpe:2.3:a:exim:exim:4.60
-
cpe:2.3:a:exim:exim:4.61
-
cpe:2.3:a:exim:exim:4.62
-
cpe:2.3:a:exim:exim:4.63
-
cpe:2.3:a:exim:exim:4.64
-
cpe:2.3:a:exim:exim:4.65
-
cpe:2.3:a:exim:exim:4.66
-
cpe:2.3:a:exim:exim:4.67
-
cpe:2.3:a:exim:exim:4.68
-
cpe:2.3:a:exim:exim:4.69
-
cpe:2.3:a:exim:exim:4.70
-
cpe:2.3:a:exim:exim:4.71
-
cpe:2.3:a:exim:exim:4.72
-
cpe:2.3:o:canonical:ubuntu_linux:10.04
-
cpe:2.3:o:canonical:ubuntu_linux:10.10
-
cpe:2.3:o:canonical:ubuntu_linux:6.06
-
cpe:2.3:o:canonical:ubuntu_linux:8.04
-
cpe:2.3:o:canonical:ubuntu_linux:9.10
-
cpe:2.3:o:debian:debian_linux:5.0
-
cpe:2.3:o:opensuse:opensuse:11.1
-
cpe:2.3:o:opensuse:opensuse:11.2
-
cpe:2.3:o:opensuse:opensuse:11.3