CVE-2010-4345
Exim Privilege Escalation Vulnerability
- Severity Score: 6.9 (CVSS v2)
- Public Exploits: 1 (Multiple Sources)
- Exploited in Wild: Yes (KEV)
Descriptions
Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.
Exim v4.72 and earlier allow local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file through a directive containing commands of their choosing, as demonstrated with the spool_directory directive.
Exim allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands.
*Credits:
N/A
Timeline
- 2010-11-30 CVE Reserved
- 2010-12-11 CVE Published
- 2010-12-16 First Exploit
- 2022-03-25 Exploited in Wild
- 2022-04-15 KEV Due Date
- 2024-07-17 EPSS Updated
- 2024-08-07 CVE Updated
CWE
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
- CWE-264: Permissions, Privileges, and Access Controls
References (30)
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/16925 | 2010-12-16 | |
http://bugs.exim.org/show_bug.cgi?id=1044 | 2023-02-13 | |
http://lists.exim.org/lurker/message/20101209.172233.abcba158.en.html | 2023-02-13 | |
https://bugzilla.redhat.com/show_bug.cgi?id=662012 | 2011-01-17 | |
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html | 2023-02-13 | |
http://secunia.com/advisories/42576 | 2023-02-13 | |
http://www.debian.org/security/2010/dsa-2131 | 2023-02-13 | |
http://www.debian.org/security/2011/dsa-2154 | 2023-02-13 | |
http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html | 2023-02-13 | |
http://www.redhat.com/support/errata/RHSA-2011-0153.html | 2023-02-13 | |
http://www.ubuntu.com/usn/USN-1060-1 | 2023-02-13 | |
http://www.vupen.com/english/advisories/2010/3171 | 2023-02-13 | |
http://www.vupen.com/english/advisories/2010/3204 | 2023-02-13 | |
https://access.redhat.com/security/cve/CVE-2010-4345 | 2011-01-17 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Exim | Exim | <= 4.72 | - | Affected |
Exim | Exim | 2.10 | - | Affected |
Exim | Exim | 2.11 | - | Affected |
Exim | Exim | 2.12 | - | Affected |
Exim | Exim | 3.00 | - | Affected |
Exim | Exim | 3.01 | - | Affected |
Exim | Exim | 3.02 | - | Affected |
Exim | Exim | 3.03 | - | Affected |
Exim | Exim | 3.10 | - | Affected |
Exim | Exim | 3.11 | - | Affected |
Exim | Exim | 3.12 | - | Affected |
Exim | Exim | 3.13 | - | Affected |
Exim | Exim | 3.14 | - | Affected |
Exim | Exim | 3.15 | - | Affected |
Exim | Exim | 3.16 | - | Affected |
Exim | Exim | 3.20 | - | Affected |
Exim | Exim | 3.21 | - | Affected |
Exim | Exim | 3.22 | - | Affected |
Exim | Exim | 3.30 | - | Affected |
Exim | Exim | 3.31 | - | Affected |
Exim | Exim | 3.32 | - | Affected |
Exim | Exim | 3.33 | - | Affected |
Exim | Exim | 3.34 | - | Affected |
Exim | Exim | 3.35 | - | Affected |
Exim | Exim | 3.36 | - | Affected |
Exim | Exim | 4.00 | - | Affected |
Exim | Exim | 4.01 | - | Affected |
Exim | Exim | 4.02 | - | Affected |
Exim | Exim | 4.03 | - | Affected |
Exim | Exim | 4.04 | - | Affected |
Exim | Exim | 4.05 | - | Affected |
Exim | Exim | 4.10 | - | Affected |
Exim | Exim | 4.11 | - | Affected |
Exim | Exim | 4.12 | - | Affected |
Exim | Exim | 4.14 | - | Affected |
Exim | Exim | 4.20 | - | Affected |
Exim | Exim | 4.21 | - | Affected |
Exim | Exim | 4.22 | - | Affected |
Exim | Exim | 4.23 | - | Affected |
Exim | Exim | 4.24 | - | Affected |
Exim | Exim | 4.30 | - | Affected |
Exim | Exim | 4.31 | - | Affected |
Exim | Exim | 4.32 | - | Affected |
Exim | Exim | 4.33 | - | Affected |
Exim | Exim | 4.34 | - | Affected |
Exim | Exim | 4.40 | - | Affected |
Exim | Exim | 4.41 | - | Affected |
Exim | Exim | 4.42 | - | Affected |
Exim | Exim | 4.43 | - | Affected |
Exim | Exim | 4.44 | - | Affected |
Exim | Exim | 4.50 | - | Affected |
Exim | Exim | 4.51 | - | Affected |
Exim | Exim | 4.52 | - | Affected |
Exim | Exim | 4.53 | - | Affected |
Exim | Exim | 4.54 | - | Affected |
Exim | Exim | 4.60 | - | Affected |
Exim | Exim | 4.61 | - | Affected |
Exim | Exim | 4.62 | - | Affected |
Exim | Exim | 4.63 | - | Affected |
Exim | Exim | 4.64 | - | Affected |
Exim | Exim | 4.65 | - | Affected |
Exim | Exim | 4.66 | - | Affected |
Exim | Exim | 4.67 | - | Affected |
Exim | Exim | 4.68 | - | Affected |
Exim | Exim | 4.69 | - | Affected |
Exim | Exim | 4.70 | - | Affected |
Exim | Exim | 4.71 | - | Affected |