CVE-2010-4344
Exim Heap-Based Buffer Overflow Vulnerability
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
4
*Multiple Sources
Exploited in Wild
Yes
*KEV
Decision
Act
*SSVC
Descriptions
Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging.
Desbordamiento de búfer basado en montículo en la función string_vformat en string.c en Exim antes de v4.70 permite a atacantes remotos ejecutar código arbitrario a través de una sesión de SMTP que incluye dos comandos MAIL junto con un mensaje de gran tamaño que contiene cabeceras modificadas, lo que lleva a un registro impropio del rechazo.
Multiple vulnerabilities were found in Exim, the worst of which leading to remote execution of arbitrary code with root privileges. Versions less than 4.80.1 are affected.
Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Act
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2010-11-30 CVE Reserved
- 2010-12-11 First Exploit
- 2010-12-14 CVE Published
- 2022-03-25 Exploited in Wild
- 2022-04-15 KEV Due Date
- 2025-02-07 CVE Updated
- 2025-03-30 EPSS Updated
CWE
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-787: Out-of-bounds Write
CAPEC
References (36)
| URL | Tag | Source |
|---|---|---|
| ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.70 | X_refsource_confirm | |
| http://atmail.com/blog/2010/atmail-6204-now-available | X_refsource_confirm | |
| http://openwall.com/lists/oss-security/2010/12/10/1 | Mailing List | |
| http://www.cpanel.net/2010/12/exim-remote-memory-corruption-vulnerability-notification-cve-2010-4344.html | X_refsource_confirm | |
| http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html | Mailing List | |
| http://www.kb.cert.org/vuls/id/682457 | Third Party Advisory |
|
| http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format | X_refsource_misc | |
| http://www.openwall.com/lists/oss-security/2021/05/04/7 | Mailing List |
|
| http://www.securityfocus.com/archive/1/515172/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/45308 | Vdb Entry | |
| http://www.securitytracker.com/id?1024858 | Vdb Entry | |
| http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril | X_refsource_misc | |
| http://www.vupen.com/english/advisories/2010/3317 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/16925 | 2010-12-16 | |
| https://www.exploit-db.com/exploits/15725 | 2010-12-11 | |
| http://www.osvdb.org/69685 | 2025-02-07 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=661756 | 2025-02-07 |
| URL | Date | SRC |
|---|---|---|
| http://bugs.exim.org/show_bug.cgi?id=787 | 2023-02-13 | |
| http://git.exim.org/exim.git/commit/24c929a27415c7cfc7126c47e4cad39acf3efa6b | 2023-02-13 | |
| http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html | 2023-02-13 |
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html | 2023-02-13 | |
| http://secunia.com/advisories/40019 | 2023-02-13 | |
| http://secunia.com/advisories/42576 | 2023-02-13 | |
| http://secunia.com/advisories/42586 | 2023-02-13 | |
| http://secunia.com/advisories/42587 | 2023-02-13 | |
| http://secunia.com/advisories/42589 | 2023-02-13 | |
| http://www.debian.org/security/2010/dsa-2131 | 2023-02-13 | |
| http://www.redhat.com/support/errata/RHSA-2010-0970.html | 2023-02-13 | |
| http://www.ubuntu.com/usn/USN-1032-1 | 2023-02-13 | |
| http://www.vupen.com/english/advisories/2010/3171 | 2023-02-13 | |
| http://www.vupen.com/english/advisories/2010/3172 | 2023-02-13 | |
| http://www.vupen.com/english/advisories/2010/3181 | 2023-02-13 | |
| http://www.vupen.com/english/advisories/2010/3186 | 2023-02-13 | |
| http://www.vupen.com/english/advisories/2010/3204 | 2023-02-13 | |
| http://www.vupen.com/english/advisories/2010/3246 | 2023-02-13 | |
| https://access.redhat.com/security/cve/CVE-2010-4344 | 2010-12-10 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Exim Search vendor "Exim" | Exim Search vendor "Exim" for product "Exim" | <= 4.69 Search vendor "Exim" for product "Exim" and version " <= 4.69" | - |
Affected
| ||||||
| Exim Search vendor "Exim" | Exim Search vendor "Exim" for product "Exim" | 2.10 Search vendor "Exim" for product "Exim" and version "2.10" | - |
Affected
| ||||||
| Exim Search vendor "Exim" | Exim Search vendor "Exim" for product "Exim" | 2.11 Search vendor "Exim" for product "Exim" and version "2.11" | - |
Affected
| ||||||
| Exim Search vendor "Exim" | Exim Search vendor "Exim" for product "Exim" | 2.12 Search vendor "Exim" for product "Exim" and version "2.12" | - |
Affected
| ||||||
| Exim Search vendor "Exim" | Exim Search vendor "Exim" for product "Exim" | 3.00 Search vendor "Exim" for product "Exim" and version "3.00" | - |
Affected
| ||||||
| Exim Search vendor "Exim" | Exim Search vendor "Exim" for product "Exim" | 3.01 Search vendor "Exim" for product "Exim" and version "3.01" | - |
Affected
| ||||||
| Exim Search vendor "Exim" | Exim Search vendor "Exim" for product "Exim" | 3.02 Search vendor "Exim" for product "Exim" and version "3.02" | - |
Affected
| ||||||
| Exim Search vendor "Exim" | Exim Search vendor "Exim" for product "Exim" | 3.03 Search vendor "Exim" for product "Exim" and version "3.03" | - |
Affected
| ||||||
| Exim Search vendor "Exim" | Exim Search vendor "Exim" for product "Exim" | 3.10 Search vendor "Exim" for product "Exim" and version "3.10" | - |
Affected
| ||||||
| Exim Search vendor "Exim" | Exim Search vendor "Exim" for product "Exim" | 3.11 Search vendor "Exim" for product "Exim" and version "3.11" | - |
Affected
| ||||||
| Exim Search vendor "Exim" | Exim Search vendor "Exim" for product "Exim" | 3.12 Search vendor "Exim" for product "Exim" and version "3.12" | - |
Affected
| ||||||
| Exim Search vendor "Exim" | Exim Search vendor "Exim" for product "Exim" | 3.13 Search vendor "Exim" for product "Exim" and version "3.13" | - |
Affected
| ||||||
| Exim Search vendor "Exim" | Exim Search vendor "Exim" for product "Exim" | 3.14 Search vendor "Exim" for product "Exim" and version "3.14" | - |
Affected
| ||||||
| Exim Search vendor "Exim" | Exim Search vendor "Exim" for product "Exim" | 3.15 Search vendor "Exim" for product "Exim" and version "3.15" | - |
Affected
| ||||||
| Exim Search vendor "Exim" | Exim Search vendor "Exim" for product "Exim" | 3.16 Search vendor "Exim" for product "Exim" and version "3.16" | - |
Affected
| ||||||
| Exim Search vendor "Exim" | Exim Search vendor "Exim" for product "Exim" | 3.20 Search vendor "Exim" for product "Exim" and version "3.20" | - |
Affected
| ||||||
| Exim Search vendor "Exim" | Exim Search vendor "Exim" for product "Exim" | 3.21 Search vendor "Exim" for product "Exim" and version "3.21" | - |
Affected
| ||||||
| Exim Search vendor "Exim" | Exim Search vendor "Exim" for product "Exim" | 3.22 Search vendor "Exim" for product "Exim" and version "3.22" | - |
Affected
| ||||||
| Exim Search vendor "Exim" | Exim Search vendor "Exim" for product "Exim" | 3.30 Search vendor "Exim" for product "Exim" and version "3.30" | - |
Affected
| ||||||
| Exim Search vendor "Exim" | Exim Search vendor "Exim" for product "Exim" | 3.31 Search vendor "Exim" for product "Exim" and version "3.31" | - |
Affected
| ||||||
| Exim Search vendor "Exim" | Exim Search vendor "Exim" for product "Exim" | 3.32 Search vendor "Exim" for product "Exim" and version "3.32" | - |
Affected
| ||||||
| Exim Search vendor "Exim" | Exim Search vendor "Exim" for product "Exim" | 3.33 Search vendor "Exim" for product "Exim" and version "3.33" | - |
Affected
| ||||||
| Exim Search vendor "Exim" | Exim Search vendor "Exim" for product "Exim" | 3.34 Search vendor "Exim" for product "Exim" and version "3.34" | - |
Affected
| ||||||
| Exim Search vendor "Exim" | Exim Search vendor "Exim" for product "Exim" | 3.35 Search vendor "Exim" for product "Exim" and version "3.35" | - |
Affected
| ||||||
| Exim Search vendor "Exim" | Exim Search vendor "Exim" for product "Exim" | 3.36 Search vendor "Exim" for product "Exim" and version "3.36" | - |
Affected
| ||||||
| Exim Search vendor "Exim" | Exim Search vendor "Exim" for product "Exim" | 4.00 Search vendor "Exim" for product "Exim" and version "4.00" | - |
Affected
| ||||||
| Exim Search vendor "Exim" | Exim Search vendor "Exim" for product "Exim" | 4.01 Search vendor "Exim" for product "Exim" and version "4.01" | - |
Affected
| ||||||
| Exim Search vendor "Exim" | Exim Search vendor "Exim" for product "Exim" | 4.02 Search vendor "Exim" for product "Exim" and version "4.02" | - |
Affected
| ||||||
| Exim Search vendor "Exim" | Exim Search vendor "Exim" for product "Exim" | 4.03 Search vendor "Exim" for product "Exim" and version "4.03" | - |
Affected
| ||||||
| Exim Search vendor "Exim" | Exim Search vendor "Exim" for product "Exim" | 4.04 Search vendor "Exim" for product "Exim" and version "4.04" | - |
Affected
| ||||||
| Exim Search vendor "Exim" | Exim Search vendor "Exim" for product "Exim" | 4.05 Search vendor "Exim" for product "Exim" and version "4.05" | - |
Affected
| ||||||
| Exim Search vendor "Exim" | Exim Search vendor "Exim" for product "Exim" | 4.10 Search vendor "Exim" for product "Exim" and version "4.10" | - |
Affected
| ||||||
| Exim Search vendor "Exim" | Exim Search vendor "Exim" for product "Exim" | 4.11 Search vendor "Exim" for product "Exim" and version "4.11" | - |
Affected
| ||||||
| Exim Search vendor "Exim" | Exim Search vendor "Exim" for product "Exim" | 4.12 Search vendor "Exim" for product "Exim" and version "4.12" | - |
Affected
| ||||||
| Exim Search vendor "Exim" | Exim Search vendor "Exim" for product "Exim" | 4.14 Search vendor "Exim" for product "Exim" and version "4.14" | - |
Affected
| ||||||
| Exim Search vendor "Exim" | Exim Search vendor "Exim" for product "Exim" | 4.20 Search vendor "Exim" for product "Exim" and version "4.20" | - |
Affected
| ||||||
| Exim Search vendor "Exim" | Exim Search vendor "Exim" for product "Exim" | 4.21 Search vendor "Exim" for product "Exim" and version "4.21" | - |
Affected
| ||||||
| Exim Search vendor "Exim" | Exim Search vendor "Exim" for product "Exim" | 4.22 Search vendor "Exim" for product "Exim" and version "4.22" | - |
Affected
| ||||||
| Exim Search vendor "Exim" | Exim Search vendor "Exim" for product "Exim" | 4.23 Search vendor "Exim" for product "Exim" and version "4.23" | - |
Affected
| ||||||
| Exim Search vendor "Exim" | Exim Search vendor "Exim" for product "Exim" | 4.24 Search vendor "Exim" for product "Exim" and version "4.24" | - |
Affected
| ||||||
| Exim Search vendor "Exim" | Exim Search vendor "Exim" for product "Exim" | 4.30 Search vendor "Exim" for product "Exim" and version "4.30" | - |
Affected
| ||||||
| Exim Search vendor "Exim" | Exim Search vendor "Exim" for product "Exim" | 4.31 Search vendor "Exim" for product "Exim" and version "4.31" | - |
Affected
| ||||||
| Exim Search vendor "Exim" | Exim Search vendor "Exim" for product "Exim" | 4.32 Search vendor "Exim" for product "Exim" and version "4.32" | - |
Affected
| ||||||
| Exim Search vendor "Exim" | Exim Search vendor "Exim" for product "Exim" | 4.33 Search vendor "Exim" for product "Exim" and version "4.33" | - |
Affected
| ||||||
| Exim Search vendor "Exim" | Exim Search vendor "Exim" for product "Exim" | 4.34 Search vendor "Exim" for product "Exim" and version "4.34" | - |
Affected
| ||||||
| Exim Search vendor "Exim" | Exim Search vendor "Exim" for product "Exim" | 4.40 Search vendor "Exim" for product "Exim" and version "4.40" | - |
Affected
| ||||||
| Exim Search vendor "Exim" | Exim Search vendor "Exim" for product "Exim" | 4.41 Search vendor "Exim" for product "Exim" and version "4.41" | - |
Affected
| ||||||
| Exim Search vendor "Exim" | Exim Search vendor "Exim" for product "Exim" | 4.42 Search vendor "Exim" for product "Exim" and version "4.42" | - |
Affected
| ||||||
| Exim Search vendor "Exim" | Exim Search vendor "Exim" for product "Exim" | 4.43 Search vendor "Exim" for product "Exim" and version "4.43" | - |
Affected
| ||||||
| Exim Search vendor "Exim" | Exim Search vendor "Exim" for product "Exim" | 4.44 Search vendor "Exim" for product "Exim" and version "4.44" | - |
Affected
| ||||||
| Exim Search vendor "Exim" | Exim Search vendor "Exim" for product "Exim" | 4.50 Search vendor "Exim" for product "Exim" and version "4.50" | - |
Affected
| ||||||
| Exim Search vendor "Exim" | Exim Search vendor "Exim" for product "Exim" | 4.51 Search vendor "Exim" for product "Exim" and version "4.51" | - |
Affected
| ||||||
| Exim Search vendor "Exim" | Exim Search vendor "Exim" for product "Exim" | 4.52 Search vendor "Exim" for product "Exim" and version "4.52" | - |
Affected
| ||||||
| Exim Search vendor "Exim" | Exim Search vendor "Exim" for product "Exim" | 4.53 Search vendor "Exim" for product "Exim" and version "4.53" | - |
Affected
| ||||||
| Exim Search vendor "Exim" | Exim Search vendor "Exim" for product "Exim" | 4.54 Search vendor "Exim" for product "Exim" and version "4.54" | - |
Affected
| ||||||
| Exim Search vendor "Exim" | Exim Search vendor "Exim" for product "Exim" | 4.60 Search vendor "Exim" for product "Exim" and version "4.60" | - |
Affected
| ||||||
| Exim Search vendor "Exim" | Exim Search vendor "Exim" for product "Exim" | 4.61 Search vendor "Exim" for product "Exim" and version "4.61" | - |
Affected
| ||||||
| Exim Search vendor "Exim" | Exim Search vendor "Exim" for product "Exim" | 4.62 Search vendor "Exim" for product "Exim" and version "4.62" | - |
Affected
| ||||||
| Exim Search vendor "Exim" | Exim Search vendor "Exim" for product "Exim" | 4.63 Search vendor "Exim" for product "Exim" and version "4.63" | - |
Affected
| ||||||
| Exim Search vendor "Exim" | Exim Search vendor "Exim" for product "Exim" | 4.64 Search vendor "Exim" for product "Exim" and version "4.64" | - |
Affected
| ||||||
| Exim Search vendor "Exim" | Exim Search vendor "Exim" for product "Exim" | 4.65 Search vendor "Exim" for product "Exim" and version "4.65" | - |
Affected
| ||||||
| Exim Search vendor "Exim" | Exim Search vendor "Exim" for product "Exim" | 4.66 Search vendor "Exim" for product "Exim" and version "4.66" | - |
Affected
| ||||||
| Exim Search vendor "Exim" | Exim Search vendor "Exim" for product "Exim" | 4.67 Search vendor "Exim" for product "Exim" and version "4.67" | - |
Affected
| ||||||
| Exim Search vendor "Exim" | Exim Search vendor "Exim" for product "Exim" | 4.68 Search vendor "Exim" for product "Exim" and version "4.68" | - |
Affected
| ||||||