CVE-2010-4345 - Vulnerability Details

Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:M/Au:N/C:C/I:C/A:C

This CVE is in the KEV database since March 25, 2022.

Exploitation active

Automatable no

Technical Impact total

Vendors	Products
Canonical	Ubuntu Linux
Debian	Debian Linux
Exim	Exim
Opensuse	Opensuse
Redhat	Enterprise Linux

Configuration 1 [-]

cpe:2.3:a:exim:exim:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:opensuse:opensuse:11.1:::::::*
	cpe:2.3:o:opensuse:opensuse:11.2:::::::*
	cpe:2.3:o:opensuse:opensuse:11.3:::::::*

Configuration 3 [-]

cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*

Configuration 4 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:6.06:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:8.04::::-:::
	cpe:2.3:o:canonical:ubuntu_linux:9.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:10.04::::-:::
	cpe:2.3:o:canonical:ubuntu_linux:10.10:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 4
exim-0:4.43-1.RHEL4.5.el4_8.3	cpe:/o:redhat:enterprise_linux:4	RHSA-2011:0153	2011-01-17T00:00:00Z
Red Hat Enterprise Linux 5
exim-0:4.63-5.el5_6.2	cpe:/o:redhat:enterprise_linux:5	RHSA-2011:0153	2011-01-17T00:00:00Z

References

Link	Providers
http://bugs.exim.org/show_bug.cgi?id=1044
http://lists.exim.org/lurker/message/20101209.172233.abcba158.en.html
http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html
http://openwall.com/lists/oss-security/2010/12/10/1
http://secunia.com/advisories/42576
http://secunia.com/advisories/42930
http://secunia.com/advisories/43128
http://secunia.com/advisories/43243
http://www.cpanel.net/2010/12/critical-exim-security-update.html
http://www.debian.org/security/2010/dsa-2131
http://www.debian.org/security/2011/dsa-2154
http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html
http://www.kb.cert.org/vuls/id/758489
http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format
http://www.openwall.com/lists/oss-security/2021/05/04/7
http://www.redhat.com/support/errata/RHSA-2011-0153.html
http://www.securityfocus.com/archive/1/515172/100/0/threaded
http://www.securityfocus.com/bid/45341
http://www.securitytracker.com/id?1024859
http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/
http://www.ubuntu.com/usn/USN-1060-1
http://www.vupen.com/english/advisories/2010/3171
http://www.vupen.com/english/advisories/2010/3204
http://www.vupen.com/english/advisories/2011/0135
http://www.vupen.com/english/advisories/2011/0245
http://www.vupen.com/english/advisories/2011/0364
https://bugzilla.redhat.com/show_bug.cgi?id=662012
https://nvd.nist.gov/vuln/detail/CVE-2010-4345
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
https://www.cve.org/CVERecord?id=CVE-2010-4345

History

Fri, 07 Feb 2025 14:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-77
Metrics		kev `{'dateAdded': '2022-03-25'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 13 Aug 2024 23:15:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2010-12-14T15:00:00.000Z

Updated: 2025-02-07T13:33:42.402Z

Reserved: 2010-11-30T00:00:00.000Z

Link: CVE-2010-4345

Vulnrichment

Updated: 2024-08-07T03:43:14.742Z

NVD

Status : Deferred

Published: 2010-12-14T16:00:04.257

Modified: 2025-04-11T00:51:21.963

Link: CVE-2010-4345

Redhat

Severity : Moderate

Publid Date: 2010-12-07T00:00:00Z

Links: CVE-2010-4345 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-12-07T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-05-04T17:06:32.000Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "43128", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/43128"}, {"name": "SUSE-SA:2010:059", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html"}, {"name": "[exim-dev] 20101209 Re: [Exim-maintainers] Remote root vulnerability in Exim", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.exim.org/lurker/message/20101209.172233.abcba158.en.html"}, {"name": "VU#758489", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/758489"}, {"name": "[exim-dev] 20101207 Remote root vulnerability in Exim", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=662012"}, {"name": "ADV-2011-0364", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0364"}, {"tags": ["x_refsource_MISC"], "url": "http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format"}, {"name": "RHSA-2011:0153", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2011-0153.html"}, {"name": "45341", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/45341"}, {"name": "42930", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/42930"}, {"name": "42576", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/42576"}, {"name": "43243", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/43243"}, {"name": "1024859", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1024859"}, {"name": "[exim-dev] 20101210 Re: Remote root vulnerability in Exim", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html"}, {"name": "DSA-2154", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2011/dsa-2154"}, {"name": "20101213 Exim security issue in historical release", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/515172/100/0/threaded"}, {"tags": ["x_refsource_MISC"], "url": "http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/"}, {"name": "ADV-2011-0245", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0245"}, {"name": "ADV-2011-0135", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0135"}, {"name": "USN-1060-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1060-1"}, {"name": "ADV-2010-3204", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/3204"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.exim.org/show_bug.cgi?id=1044"}, {"name": "DSA-2131", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2010/dsa-2131"}, {"name": "ADV-2010-3171", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/3171"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.cpanel.net/2010/12/critical-exim-security-update.html"}, {"name": "[oss-security] 20101210 Exim remote root", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2010/12/10/1"}, {"name": "[oss-security] 20210504 21Nails: Multiple vulnerabilities in Exim", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2021/05/04/7"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T03:43:14.742Z"}, "title": "CVE Program Container", "references": [{"name": "43128", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/43128"}, {"name": "SUSE-SA:2010:059", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html"}, {"name": "[exim-dev] 20101209 Re: [Exim-maintainers] Remote root vulnerability in Exim", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.exim.org/lurker/message/20101209.172233.abcba158.en.html"}, {"name": "VU#758489", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/758489"}, {"name": "[exim-dev] 20101207 Remote root vulnerability in Exim", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=662012"}, {"name": "ADV-2011-0364", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2011/0364"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format"}, {"name": "RHSA-2011:0153", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2011-0153.html"}, {"name": "45341", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/45341"}, {"name": "42930", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/42930"}, {"name": "42576", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/42576"}, {"name": "43243", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/43243"}, {"name": "1024859", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1024859"}, {"name": "[exim-dev] 20101210 Re: Remote root vulnerability in Exim", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html"}, {"name": "DSA-2154", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2011/dsa-2154"}, {"name": "20101213 Exim security issue in historical release", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/515172/100/0/threaded"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/"}, {"name": "ADV-2011-0245", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2011/0245"}, {"name": "ADV-2011-0135", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2011/0135"}, {"name": "USN-1060-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1060-1"}, {"name": "ADV-2010-3204", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/3204"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.exim.org/show_bug.cgi?id=1044"}, {"name": "DSA-2131", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2010/dsa-2131"}, {"name": "ADV-2010-3171", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/3171"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.cpanel.net/2010/12/critical-exim-security-update.html"}, {"name": "[oss-security] 20101210 Exim remote root", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2010/12/10/1"}, {"name": "[oss-security] 20210504 21Nails: Multiple vulnerabilities in Exim", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2021/05/04/7"}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-77", "lang": "en", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-02-07T13:24:14.950730Z", "id": "CVE-2010-4345", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2022-03-25", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2010-4345"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-07T13:33:42.402Z"}}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-4345", "datePublished": "2010-12-14T15:00:00.000Z", "dateReserved": "2010-11-30T00:00:00.000Z", "dateUpdated": "2025-02-07T13:33:42.402Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://secunia.com/advisories/43128", "name": "43128", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html", "name": "SUSE-SA:2010:059", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"]}, {"url": "http://lists.exim.org/lurker/message/20101209.172233.abcba158.en.html", "name": "[exim-dev] 20101209 Re: [Exim-maintainers] Remote root vulnerability in Exim", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "http://www.kb.cert.org/vuls/id/758489", "name": "VU#758489", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"]}, {"url": "http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html", "name": "[exim-dev] 20101207 Remote root vulnerability in Exim", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=662012", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "http://www.vupen.com/english/advisories/2011/0364", "name": "ADV-2011-0364", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"]}, {"url": "http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "http://www.redhat.com/support/errata/RHSA-2011-0153.html", "name": "RHSA-2011:0153", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "http://www.securityfocus.com/bid/45341", "name": "45341", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"]}, {"url": "http://secunia.com/advisories/42930", "name": "42930", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"]}, {"url": "http://secunia.com/advisories/42576", "name": "42576", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"]}, {"url": "http://secunia.com/advisories/43243", "name": "43243", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"]}, {"url": "http://www.securitytracker.com/id?1024859", "name": "1024859", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"]}, {"url": "http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html", "name": "[exim-dev] 20101210 Re: Remote root vulnerability in Exim", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "http://www.debian.org/security/2011/dsa-2154", "name": "DSA-2154", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"]}, {"url": "http://www.securityfocus.com/archive/1/515172/100/0/threaded", "name": "20101213 Exim security issue in historical release", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"]}, {"url": "http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "http://www.vupen.com/english/advisories/2011/0245", "name": "ADV-2011-0245", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"]}, {"url": "http://www.vupen.com/english/advisories/2011/0135", "name": "ADV-2011-0135", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"]}, {"url": "http://www.ubuntu.com/usn/USN-1060-1", "name": "USN-1060-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"]}, {"url": "http://www.vupen.com/english/advisories/2010/3204", "name": "ADV-2010-3204", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"]}, {"url": "http://bugs.exim.org/show_bug.cgi?id=1044", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "http://www.debian.org/security/2010/dsa-2131", "name": "DSA-2131", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"]}, {"url": "http://www.vupen.com/english/advisories/2010/3171", "name": "ADV-2010-3171", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"]}, {"url": "http://www.cpanel.net/2010/12/critical-exim-security-update.html", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "http://openwall.com/lists/oss-security/2010/12/10/1", "name": "[oss-security] 20101210 Exim remote root", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2021/05/04/7", "name": "[oss-security] 20210504 21Nails: Multiple vulnerabilities in Exim", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T03:43:14.742Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2010-4345", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-07T13:24:14.950730Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2022-03-25", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2010-4345"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-77", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-07T13:25:42.642Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-12-07T00:00:00.000Z", "references": [{"url": "http://secunia.com/advisories/43128", "name": "43128", "tags": ["third-party-advisory", "x_refsource_SECUNIA"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html", "name": "SUSE-SA:2010:059", "tags": ["vendor-advisory", "x_refsource_SUSE"]}, {"url": "http://lists.exim.org/lurker/message/20101209.172233.abcba158.en.html", "name": "[exim-dev] 20101209 Re: [Exim-maintainers] Remote root vulnerability in Exim", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "http://www.kb.cert.org/vuls/id/758489", "name": "VU#758489", "tags": ["third-party-advisory", "x_refsource_CERT-VN"]}, {"url": "http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html", "name": "[exim-dev] 20101207 Remote root vulnerability in Exim", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=662012", "tags": ["x_refsource_CONFIRM"]}, {"url": "http://www.vupen.com/english/advisories/2011/0364", "name": "ADV-2011-0364", "tags": ["vdb-entry", "x_refsource_VUPEN"]}, {"url": "http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format", "tags": ["x_refsource_MISC"]}, {"url": "http://www.redhat.com/support/errata/RHSA-2011-0153.html", "name": "RHSA-2011:0153", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "http://www.securityfocus.com/bid/45341", "name": "45341", "tags": ["vdb-entry", "x_refsource_BID"]}, {"url": "http://secunia.com/advisories/42930", "name": "42930", "tags": ["third-party-advisory", "x_refsource_SECUNIA"]}, {"url": "http://secunia.com/advisories/42576", "name": "42576", "tags": ["third-party-advisory", "x_refsource_SECUNIA"]}, {"url": "http://secunia.com/advisories/43243", "name": "43243", "tags": ["third-party-advisory", "x_refsource_SECUNIA"]}, {"url": "http://www.securitytracker.com/id?1024859", "name": "1024859", "tags": ["vdb-entry", "x_refsource_SECTRACK"]}, {"url": "http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html", "name": "[exim-dev] 20101210 Re: Remote root vulnerability in Exim", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "http://www.debian.org/security/2011/dsa-2154", "name": "DSA-2154", "tags": ["vendor-advisory", "x_refsource_DEBIAN"]}, {"url": "http://www.securityfocus.com/archive/1/515172/100/0/threaded", "name": "20101213 Exim security issue in historical release", "tags": ["mailing-list", "x_refsource_BUGTRAQ"]}, {"url": "http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/", "tags": ["x_refsource_MISC"]}, {"url": "http://www.vupen.com/english/advisories/2011/0245", "name": "ADV-2011-0245", "tags": ["vdb-entry", "x_refsource_VUPEN"]}, {"url": "http://www.vupen.com/english/advisories/2011/0135", "name": "ADV-2011-0135", "tags": ["vdb-entry", "x_refsource_VUPEN"]}, {"url": "http://www.ubuntu.com/usn/USN-1060-1", "name": "USN-1060-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"]}, {"url": "http://www.vupen.com/english/advisories/2010/3204", "name": "ADV-2010-3204", "tags": ["vdb-entry", "x_refsource_VUPEN"]}, {"url": "http://bugs.exim.org/show_bug.cgi?id=1044", "tags": ["x_refsource_CONFIRM"]}, {"url": "http://www.debian.org/security/2010/dsa-2131", "name": "DSA-2131", "tags": ["vendor-advisory", "x_refsource_DEBIAN"]}, {"url": "http://www.vupen.com/english/advisories/2010/3171", "name": "ADV-2010-3171", "tags": ["vdb-entry", "x_refsource_VUPEN"]}, {"url": "http://www.cpanel.net/2010/12/critical-exim-security-update.html", "tags": ["x_refsource_CONFIRM"]}, {"url": "http://openwall.com/lists/oss-security/2010/12/10/1", "name": "[oss-security] 20101210 Exim remote root", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "http://www.openwall.com/lists/oss-security/2021/05/04/7", "name": "[oss-security] 20210504 21Nails: Multiple vulnerabilities in Exim", "tags": ["mailing-list", "x_refsource_MLIST"]}], "descriptions": [{"lang": "en", "value": "Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2021-05-04T17:06:32.000Z"}}}, "cveMetadata": {"cveId": "CVE-2010-4345", "state": "PUBLISHED", "dateUpdated": "2025-02-07T13:33:42.402Z", "dateReserved": "2010-11-30T00:00:00.000Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2010-12-14T15:00:00.000Z", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"cisaActionDue": "2022-04-15", "cisaExploitAdd": "2022-03-25", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Exim Privilege Escalation Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:exim:exim:*:*:*:*:*:*:*:*", "matchCriteriaId": "91805B65-DDF2-4888-8F81-011F8D78B558", "versionEndIncluding": "4.72", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "FBF7B6A8-3DF9-46EC-A90E-6EF68C39F883", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*", "matchCriteriaId": "A01C8B7E-EB19-40EA-B1D2-9AE5EA536C95", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*", "matchCriteriaId": "5646FDE9-CF21-46A9-B89D-F5BBDB4249AF", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*", "matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*", "matchCriteriaId": "7EBFE35C-E243-43D1-883D-4398D71763CC", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*", "matchCriteriaId": "A2BCB73E-27BB-4878-AD9C-90C4F20C25A0", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", "matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*", "matchCriteriaId": "87614B58-24AB-49FB-9C84-E8DDBA16353B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive."}, {"lang": "es", "value": "Exim v4.72 y anteriores permiten a usuarios locales ganar privilegios potenciando la habilidad especificar un archivo de cuenta de usuario con una configuraci\u00f3n alternativa mediante una directiva que contenga comandos de su elecci\u00f3n, como se demostr\u00f3 con la directiva spool_directory."}], "id": "CVE-2010-4345", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2010-12-14T16:00:04.257", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch"], "url": "http://bugs.exim.org/show_bug.cgi?id=1044"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Patch"], "url": "http://lists.exim.org/lurker/message/20101209.172233.abcba158.en.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List"], "url": "http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List"], "url": "http://openwall.com/lists/oss-security/2010/12/10/1"}, {"source": "secalert@redhat.com", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/42576"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/42930"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/43128"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/43243"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www.cpanel.net/2010/12/critical-exim-security-update.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.debian.org/security/2010/dsa-2131"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.debian.org/security/2011/dsa-2154"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Vendor Advisory"], "url": "http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/758489"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format"}, {"source": "secalert@redhat.com", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2021/05/04/7"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www.redhat.com/support/errata/RHSA-2011-0153.html"}, {"source": "secalert@redhat.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/515172/100/0/threaded"}, {"source": "secalert@redhat.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/45341"}, {"source": "secalert@redhat.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id?1024859"}, {"source": "secalert@redhat.com", "tags": ["Press/Media Coverage", "Third Party Advisory"], "url": "http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-1060-1"}, {"source": "secalert@redhat.com", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/3171"}, {"source": "secalert@redhat.com", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/3204"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2011/0135"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2011/0245"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2011/0364"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=662012"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch"], "url": "http://bugs.exim.org/show_bug.cgi?id=1044"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch"], "url": "http://lists.exim.org/lurker/message/20101209.172233.abcba158.en.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://openwall.com/lists/oss-security/2010/12/10/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/42576"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/42930"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/43128"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/43243"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.cpanel.net/2010/12/critical-exim-security-update.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.debian.org/security/2010/dsa-2131"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.debian.org/security/2011/dsa-2154"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Vendor Advisory"], "url": "http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/758489"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2021/05/04/7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.redhat.com/support/errata/RHSA-2011-0153.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/515172/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/45341"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id?1024859"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Press/Media Coverage", "Third Party Advisory"], "url": "http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-1060-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/3171"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/3204"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2011/0135"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2011/0245"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2011/0364"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=662012"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-77"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2011:0153", "cpe": "cpe:/o:redhat:enterprise_linux:4", "package": "exim-0:4.43-1.RHEL4.5.el4_8.3", "product_name": "Red Hat Enterprise Linux 4", "release_date": "2011-01-17T00:00:00Z"}, {"advisory": "RHSA-2011:0153", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "exim-0:4.63-5.el5_6.2", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2011-01-17T00:00:00Z"}], "bugzilla": {"description": "exim: privilege escalation", "id": "662012", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=662012"}, "csaw": false, "cvss": {"cvss_base_score": "6.8", "cvss_scoring_vector": "AV:L/AC:L/Au:S/C:C/I:C/A:C", "status": "verified"}, "cwe": "CWE-78", "details": ["Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive."], "name": "CVE-2010-4345", "public_date": "2010-12-07T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2010-4345\nhttps://nvd.nist.gov/vuln/detail/CVE-2010-4345\nhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog"], "threat_severity": "Moderate"}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Exploitation active

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object