CVE-2010-4345

Description:
Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.

CWE: CWE-264

CVSS score
CVSS 2: MEDIUM – 6.9 (Version: 2.0)
CVSS 3: MEDIUM – 5.3 (Version: 3.1)

Links:

NVD – CVE-2010-4345
CVE – CVE-2010-4345

Link (max. 20) | Source | Tags
[oss-security] 20101210 Exim remote root MLIST Exploit Vendor Advisory Third Party Advisory
[exim-dev] 20101209 Re: [Exim-maintainers] Remote root vulnerability in Exim MLIST Patch Third Party Advisory VDB Entry Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=662012 CONFIRM Patch Third Party Advisory VDB Entry
[exim-dev] 20101207 Remote root vulnerability in Exim MLIST Vendor Advisory Third Party Advisory VDB Entry
http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/ MISC Third Party Advisory Third Party Advisory
[exim-dev] 20101210 Re: Remote root vulnerability in Exim MLIST Third Party Advisory VDB Entry
http://bugs.exim.org/show_bug.cgi?id=1044 CONFIRM Patch Third Party Advisory VDB Entry
http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format MISC Third Party Advisory
SUSE-SA:2010:059 SUSE Third Party Advisory VDB Entry
ADV-2010-3204 VUPEN Vendor Advisory Third Party Advisory VDB Entry
VU#758489 CERT-VN US Government Resource
ADV-2010-3171 VUPEN Vendor Advisory
DSA-2131 DEBIAN Third Party Advisory Third Party Advisory VDB Entry
42576 SECUNIA Vendor Advisory
http://www.cpanel.net/2010/12/critical-exim-security-update.html CONFIRM Third Party Advisory
45341 BID Third Party Advisory
1024859 SECTRACK Third Party Advisory
ADV-2011-0135 VUPEN Third Party Advisory
42930 SECUNIA Third Party Advisory
RHSA-2011:0153 REDHAT Third Party Advisory Vendor Advisory

Source: NVD – CVE-2010-4345
Published: 2010-12-14T16:00Z, last modified: 2021-05-04T18:15Z