← Retour aux CVEs
CVE-2010-4345
HIGHCISA KEV7.8
Description
Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.
Details CVE
Score CVSS v3.17.8
SeveriteHIGH
Vecteur CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueLOCAL
ComplexiteLOW
Privileges requisLOW
Interaction utilisateurNONE
Publie12/14/2010
Derniere modification4/21/2026
Sourcekev
Observations honeypot0
CISA KEV
FournisseurExim
ProduitExim
Nom vulnerabiliteExim Privilege Escalation Vulnerability
Date ajout KEV2022-03-25
Date limite remediation2022-04-15
Utilise dans ransomwareUnknown
Produits affectes
canonical:ubuntu_linuxdebian:debian_linuxexim:eximopensuse:opensuse
Faiblesses (CWE)
CWE-77
References
http://bugs.exim.org/show_bug.cgi?id=1044(secalert@redhat.com)
http://lists.exim.org/lurker/message/20101209.172233.abcba158.en.html(secalert@redhat.com)
http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html(secalert@redhat.com)
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html(secalert@redhat.com)
http://openwall.com/lists/oss-security/2010/12/10/1(secalert@redhat.com)
http://secunia.com/advisories/42576(secalert@redhat.com)
http://secunia.com/advisories/42930(secalert@redhat.com)
http://secunia.com/advisories/43128(secalert@redhat.com)
http://secunia.com/advisories/43243(secalert@redhat.com)
http://www.cpanel.net/2010/12/critical-exim-security-update.html(secalert@redhat.com)
http://www.debian.org/security/2010/dsa-2131(secalert@redhat.com)
http://www.debian.org/security/2011/dsa-2154(secalert@redhat.com)
http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html(secalert@redhat.com)
http://www.kb.cert.org/vuls/id/758489(secalert@redhat.com)
http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format(secalert@redhat.com)
http://www.openwall.com/lists/oss-security/2021/05/04/7(secalert@redhat.com)
http://www.redhat.com/support/errata/RHSA-2011-0153.html(secalert@redhat.com)
http://www.securityfocus.com/archive/1/515172/100/0/threaded(secalert@redhat.com)
http://www.securityfocus.com/bid/45341(secalert@redhat.com)
http://www.securitytracker.com/id?1024859(secalert@redhat.com)
http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/(secalert@redhat.com)
http://www.ubuntu.com/usn/USN-1060-1(secalert@redhat.com)
http://www.vupen.com/english/advisories/2010/3171(secalert@redhat.com)
http://www.vupen.com/english/advisories/2010/3204(secalert@redhat.com)
http://www.vupen.com/english/advisories/2011/0135(secalert@redhat.com)
http://www.vupen.com/english/advisories/2011/0245(secalert@redhat.com)
http://www.vupen.com/english/advisories/2011/0364(secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=662012(secalert@redhat.com)
http://bugs.exim.org/show_bug.cgi?id=1044(af854a3a-2127-422b-91ae-364da2661108)
http://lists.exim.org/lurker/message/20101209.172233.abcba158.en.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html(af854a3a-2127-422b-91ae-364da2661108)
http://openwall.com/lists/oss-security/2010/12/10/1(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/42576(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/42930(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/43128(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/43243(af854a3a-2127-422b-91ae-364da2661108)
http://www.cpanel.net/2010/12/critical-exim-security-update.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2010/dsa-2131(af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2011/dsa-2154(af854a3a-2127-422b-91ae-364da2661108)
http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.kb.cert.org/vuls/id/758489(af854a3a-2127-422b-91ae-364da2661108)
http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2021/05/04/7(af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2011-0153.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/515172/100/0/threaded(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/45341(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1024859(af854a3a-2127-422b-91ae-364da2661108)
http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/(af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/USN-1060-1(af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2010/3171(af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2010/3204(af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2011/0135(af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2011/0245(af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2011/0364(af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=662012(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-4345(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.