CVE - CVE-2010-4345

CVE-ID
CVE-2010-4345	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20101213 Exim security issue in historical release URL:http://www.securityfocus.com/archive/1/515172/100/0/threaded MLIST:[exim-dev] 20101207 Remote root vulnerability in Exim URL:http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html MLIST:[exim-dev] 20101209 Re: [Exim-maintainers] Remote root vulnerability in Exim URL:http://lists.exim.org/lurker/message/20101209.172233.abcba158.en.html MLIST:[exim-dev] 20101210 Re: Remote root vulnerability in Exim URL:http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html MLIST:[oss-security] 20101210 Exim remote root URL:http://openwall.com/lists/oss-security/2010/12/10/1 MISC:http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format MISC:http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/ CONFIRM:http://bugs.exim.org/show_bug.cgi?id=1044 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=662012 CONFIRM:http://www.cpanel.net/2010/12/critical-exim-security-update.html DEBIAN:DSA-2131 URL:http://www.debian.org/security/2010/dsa-2131 DEBIAN:DSA-2154 URL:http://www.debian.org/security/2011/dsa-2154 REDHAT:RHSA-2011:0153 URL:http://www.redhat.com/support/errata/RHSA-2011-0153.html SUSE:SUSE-SA:2010:059 URL:http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html UBUNTU:USN-1060-1 URL:http://www.ubuntu.com/usn/USN-1060-1 CERT-VN:VU#758489 URL:http://www.kb.cert.org/vuls/id/758489 BID:45341 URL:http://www.securityfocus.com/bid/45341 SECTRACK:1024859 URL:http://www.securitytracker.com/id?1024859 SECUNIA:42576 URL:http://secunia.com/advisories/42576 SECUNIA:42930 URL:http://secunia.com/advisories/42930 SECUNIA:43128 URL:http://secunia.com/advisories/43128 SECUNIA:43243 URL:http://secunia.com/advisories/43243 VUPEN:ADV-2010-3171 URL:http://www.vupen.com/english/advisories/2010/3171 VUPEN:ADV-2010-3204 URL:http://www.vupen.com/english/advisories/2010/3204 VUPEN:ADV-2011-0135 URL:http://www.vupen.com/english/advisories/2011/0135 VUPEN:ADV-2011-0245 URL:http://www.vupen.com/english/advisories/2011/0245 VUPEN:ADV-2011-0364 URL:http://www.vupen.com/english/advisories/2011/0364
Assigning CNA
N/A
Date Entry Created
20101130	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20101130)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org