Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2010-4345
HistoryDec 14, 2010 - 12:00 a.m.

CVE-2010-4345

2010-12-1400:00:00
ubuntu.com
ubuntu.com
43

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.011

Percentile

84.8%

JSON

Exim 4.72 and earlier allows local users to gain privileges by leveraging
the ability of the exim user account to specify an alternate configuration
file with a directive that contains arbitrary commands, as demonstrated by
the spool_directory directive.

Bugs

Notes

Author Note
mdeslaur patches are behaviour-altering. See list of changes here: http://git.exim.org/exim.git/blob/HEAD:/doc/doc-txt/IncompatibleChanges See debian dsa-2154-2 for regression fix http://lists.debian.org/debian-security-announce/2011/msg00020.html http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611572
OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchexim4< 4.60-3ubuntu3.3UNKNOWN
ubuntu8.04noarchexim4< 4.69-2ubuntu0.3UNKNOWN
ubuntu9.10noarchexim4< 4.69-11ubuntu4.2UNKNOWN
ubuntu10.04noarchexim4< 4.71-3ubuntu1.1UNKNOWN
ubuntu10.10noarchexim4< 4.72-1ubuntu1.1UNKNOWN

Related

prion 1
openvas 20
nvd 1
attackerkb 1
veracode 1
cisa_kev 1
nessus 13
checkpoint_advisories 1
freebsd 1
seebug 1
centos 1
cvelist 1
cve 1
debiancve 1
debian 7
redhat 1
oraclelinux 1
cert 1
suse 1
osv 3
securityvulns 4
packetstorm 1
metasploit 1
exploitdb 1
ubuntucve 1
nmap 1
ubuntu 1
thn 1
gentoo 1
prion
prion
Design/Logic Flaw
2010-12-14 16:00:00
openvas
openvas
CentOS Update for exim CESA-2011:0153 centos4 i386
2011-01-31 00:00:00
CentOS Update for exim CESA-2011:0153 centos4 i386
2011-01-31 00:00:00
CentOS Update for exim CESA-2011:0153 centos4 x86_64
2012-07-30 00:00:00
nvd
nvd
CVE-2010-4345
2010-12-14 16:00:04
attackerkb
attackerkb
CVE-2010-4345
2010-12-14 00:00:00
veracode
veracode
Privilege Escalation
2020-04-10 00:53:13
cisa_kev
cisa_kev
Exim Privilege Escalation Vulnerability
2022-03-25 00:00:00
nessus
nessus
Oracle Linux 4 / 5 : exim (ELSA-2011-0153)
2013-07-12 00:00:00
Scientific Linux Security Update : exim on SL4.x, SL5.x i386/x86_64
2012-08-01 00:00:00
RHEL 4 / 5 : exim (RHSA-2011:0153)
2011-01-18 00:00:00
checkpoint_advisories
checkpoint_advisories
Exim Remote Code Execution (CVE-2010-4345)
2022-05-02 00:00:00
freebsd
freebsd
exim -- local privilege escalation
2010-12-10 00:00:00
seebug
seebug
Exim4 <= 4.69 - string_format Function Heap Buffer Overflow
2014-07-01 00:00:00
centos
centos
exim security update
2011-01-27 09:23:09
cvelist
cvelist
CVE-2010-4345
2010-12-14 15:00:00
cve
cve
CVE-2010-4345
2010-12-14 16:00:04
debiancve
debiancve
CVE-2010-4345
2010-12-14 16:00:04
debian
debian
[BSA-016] Security Update for exim4
2011-01-06 14:20:03
[SECURITY] [DSA-2154-1] exim4 security update
2011-01-30 10:41:58
[SECURITY] [DSA-2154-2] exim4 regression fix
2011-01-30 22:04:57
redhat
redhat
(RHSA-2011:0153) Moderate: exim security update
2011-01-17 00:00:00
oraclelinux
oraclelinux
exim security update
2011-01-17 00:00:00
cert
cert
Exim alternate configuration privilege escalation vulnerability
2010-12-13 00:00:00
suse
suse
remote code execution in exim
2010-12-13 10:39:26
osv
osv
exim4 - remote code execution
2010-12-10 00:00:00
exim4 - privilege escalation
2011-01-30 00:00:00
exim-4.86.2-2.2 on GA media
2024-06-15 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA-2154-1] exim4 security update
2011-02-03 00:00:00
[SECURITY] [DSA-2131-1] New exim4 packages fix remote code execution
2010-12-12 00:00:00
Exim memory corruption and remote code execution
2011-02-03 00:00:00
packetstorm
packetstorm
Exim4 <= 4.69 string_format Function Heap Buffer Overflow
2010-12-11 00:00:00
metasploit
metasploit
Exim4 string_format Function Heap Buffer Overflow
2010-12-11 10:55:24
exploitdb
exploitdb
Exim4 &lt; 4.69 - string_format Function Heap Buffer Overflow (Metasploit)
2010-12-16 00:00:00
ubuntucve
ubuntucve
CVE-2011-0017
2011-02-01 00:00:00
nmap
nmap
smtp-vuln-cve2010-4344 NSE Script
2011-06-24 15:37:53
ubuntu
ubuntu
Exim vulnerabilities
2011-02-10 00:00:00
thn
thn
Nmap 5.59 BETA1 - 40 new NSE scripts & improved IPv6
2011-07-01 11:41:00
gentoo
gentoo
Exim: Multiple vulnerabilities
2014-01-27 00:00:00

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.011

Percentile

84.8%

JSON
Related for UB:CVE-2010-4345
prion1openvas20nvd1attackerkb1veracode1cisa_kev1nessus13checkpoint_advisories1freebsd1seebug1centos1cvelist1cve1debiancve1debian7redhat1oraclelinux1cert1suse1osv3securityvulns4packetstorm1metasploit1exploitdb1ubuntucve1nmap1ubuntu1thn1gentoo1