CVE - CVE-2010-4345

CVE-ID
CVE-2010-4345	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:1024859 URL:http://www.securitytracker.com/id?1024859 MISC:20101213 Exim security issue in historical release URL:http://www.securityfocus.com/archive/1/515172/100/0/threaded MISC:42576 URL:http://secunia.com/advisories/42576 MISC:42930 URL:http://secunia.com/advisories/42930 MISC:43128 URL:http://secunia.com/advisories/43128 MISC:43243 URL:http://secunia.com/advisories/43243 MISC:45341 URL:http://www.securityfocus.com/bid/45341 MISC:ADV-2010-3171 URL:~~http://www.vupen.com/english/advisories/2010/3171~~ (Obsolete source) MISC:ADV-2010-3204 URL:~~http://www.vupen.com/english/advisories/2010/3204~~ (Obsolete source) MISC:ADV-2011-0135 URL:~~http://www.vupen.com/english/advisories/2011/0135~~ (Obsolete source) MISC:ADV-2011-0245 URL:~~http://www.vupen.com/english/advisories/2011/0245~~ (Obsolete source) MISC:ADV-2011-0364 URL:~~http://www.vupen.com/english/advisories/2011/0364~~ (Obsolete source) MISC:DSA-2131 URL:http://www.debian.org/security/2010/dsa-2131 MISC:DSA-2154 URL:http://www.debian.org/security/2011/dsa-2154 MISC:RHSA-2011:0153 URL:http://www.redhat.com/support/errata/RHSA-2011-0153.html MISC:SUSE-SA:2010:059 URL:http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html MISC:USN-1060-1 URL:http://www.ubuntu.com/usn/USN-1060-1 MISC:VU#758489 URL:http://www.kb.cert.org/vuls/id/758489 MISC:[exim-dev] 20101207 Remote root vulnerability in Exim URL:http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html MISC:[exim-dev] 20101209 Re: [Exim-maintainers] Remote root vulnerability in Exim URL:http://lists.exim.org/lurker/message/20101209.172233.abcba158.en.html MISC:[exim-dev] 20101210 Re: Remote root vulnerability in Exim URL:http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html MISC:[oss-security] 20101210 Exim remote root URL:http://openwall.com/lists/oss-security/2010/12/10/1 MISC:[oss-security] 20210504 21Nails: Multiple vulnerabilities in Exim URL:http://www.openwall.com/lists/oss-security/2021/05/04/7 MISC:http://bugs.exim.org/show_bug.cgi?id=1044 URL:http://bugs.exim.org/show_bug.cgi?id=1044 MISC:http://www.cpanel.net/2010/12/critical-exim-security-update.html URL:http://www.cpanel.net/2010/12/critical-exim-security-update.html MISC:http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format URL:http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format MISC:http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/ URL:http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/ MISC:https://bugzilla.redhat.com/show_bug.cgi?id=662012 URL:https://bugzilla.redhat.com/show_bug.cgi?id=662012
Assigning CNA
Red Hat, Inc.
Date Record Created
20101130	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20101130)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)