Page 8 of 43 results (0.014 seconds)

CVSS: 6.9EPSS: 1%CPEs: 67EXPL: 1

CVE-2010-4345 – Exim Privilege Escalation Vulnerability

https://notcve.org/view.php?id=CVE-2010-4345

Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive. Exim v4.72 y anteriores permiten a usuarios locales ganar privilegios potenciando la habilidad especificar un archivo de cuenta de usuario con una configuración alternativa mediante una directiva que contenga comandos de su elección, como se demostró con la directiva spool_directory. Exim allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands. • https://www.exploit-db.com/exploits/16925 http://bugs.exim.org/show_bug.cgi?id=1044 http://lists.exim.org/lurker/message/20101209.172233.abcba158.en.html http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html http://openwall.com/lists/oss-security/2010/12/10/1 http://secunia.com/advisories/42576 http://secunia.com/advisories/42930 http://secunia.com/advisories/43128 http://secunia • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.4EPSS: 0%CPEs: 33EXPL: 0

CVE-2010-2023

https://notcve.org/view.php?id=CVE-2010-2023

transports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the st_nlink field of mailbox files, which allows local users to cause a denial of service or possibly gain privileges by creating a hard link to another user's file. transports/appendfile.c en Exim antes de v4.72, cuando se usa un directorio de correo con permisos de escritura para todos y sticky-bit activado, no verifica el campo de st_nlink de los ficheros de buzón de correo, que permite a usuarios locales causar una denegación de servicio o posiblemente obtener privilegios mediante la creación de un vínculo físico a un archivo de otro usuario. • http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0079.html http://bugs.exim.org/show_bug.cgi?id=988 http://lists.exim.org/lurker/message/20100524.175925.9a69f755.en.html http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042587.html http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042613.html http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html http://secunia.com/advisories/40019 http://secunia.com/advisories/40123 http:/ • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 4.4EPSS: 0%CPEs: 33EXPL: 0

CVE-2010-2024

https://notcve.org/view.php?id=CVE-2010-2024

transports/appendfile.c in Exim before 4.72, when MBX locking is enabled, allows local users to change permissions of arbitrary files or create arbitrary files, and cause a denial of service or possibly gain privileges, via a symlink attack on a lockfile in /tmp/. transports/appendfile.c en Exim anterior a v4.72, cuando el bloqueo MBX está habilitado, permite a usuarios locales cambiar permisos de archivos o crear archivos de su elección, y provocar una denegación de servicio o posiblemente obtener privilegios, a través de un ataque de enlace simbólico en un fichero bloqueado en /tmp/. • http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0079.html http://bugs.exim.org/show_bug.cgi?id=989 http://lists.exim.org/lurker/message/20100524.175925.9a69f755.en.html http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042587.html http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042613.html http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html http://secunia.com/advisories/40019 http://secunia.com/advisories/40123 http:/ • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 3

CVE-2005-0021 – Exim 4.41 - 'dns_build_reverse' Local Read Emails

https://notcve.org/view.php?id=CVE-2005-0021

Multiple buffer overflows in Exim before 4.43 may allow attackers to execute arbitrary code via (1) an IPv6 address with more than 8 components, as demonstrated using the -be command line option, which triggers an overflow in the host_aton function, or (2) the -bh command line option or dnsdb PTR lookup, which triggers an overflow in the dns_build_reverse function. • https://www.exploit-db.com/exploits/1009 https://www.exploit-db.com/exploits/756 http://ftp6.us.freebsd.org/pub/mail/exim/ChangeLogs/ChangeLog-4.44 http://security.gentoo.org/glsa/glsa-200501-23.xml http://www.debian.org/security/2005/dsa-635 http://www.debian.org/security/2005/dsa-637 http://www.exim.org/mail-archives/exim-users/Week-of-Mon-20050103/msg00028.html http://www.idefense.com/application/poi/display?id=179&type=vulnerabilities http://www.idefense.com •

CVSS: 4.6EPSS: 0%CPEs: 3EXPL: 0

CVE-2005-0022

https://notcve.org/view.php?id=CVE-2005-0022

Buffer overflow in the spa_base64_to_bits function in Exim before 4.43, as originally obtained from Samba code, and as called by the auth_spa_client function, may allow attackers to execute arbitrary code during SPA authentication. • http://ftp6.us.freebsd.org/pub/mail/exim/ChangeLogs/ChangeLog-4.44 http://marc.info/?l=bugtraq&m=110824870908614&w=2 http://security.gentoo.org/glsa/glsa-200501-23.xml http://www.exim.org/mail-archives/exim-users/Week-of-Mon-20050103/msg00028.html http://www.idefense.com/application/poi/display?id=178&type=vulnerabilities http://www.redhat.com/support/errata/RHSA-2005-025.html http://www.securityfocus.com/bid/12188 https://oval.cisecurity.org/repository/search/definition/oval •