CyberSec.Space Logo
Back to CVE Browser

CVE-2010-4345

Known Exploited (CISA KEV)HIGH
7.8
CVSS Severity Score
EPSS Score80.1960%
EPSS Percentile92.86th
PublishedDec 14, 2010
Last ModifiedApr 21, 2026

Vulnerability Description

Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.

Affected Platforms (CPE)

πŸ“¦
Exim

Exim

<= 4.72
πŸ’»
Opensuse

Opensuse

= 11.1
πŸ’»
Opensuse

Opensuse

= 11.2
πŸ’»
Opensuse

Opensuse

= 11.3
πŸ’»
Debian

Debian Linux

= 5.0
πŸ’»
Canonical

Ubuntu Linux

= 6.06
πŸ’»
Canonical

Ubuntu Linux

= 8.04
πŸ’»
Canonical

Ubuntu Linux

= 9.10
πŸ’»
Canonical

Ubuntu Linux

= 10.04
πŸ’»
Canonical

Ubuntu Linux

= 10.10

References & Advisories

πŸ”— http://bugs.exim.org/show_bug.cgi?id=1044
πŸ”— http://lists.exim.org/lurker/message/20101209.172233.abcba158.en.html
πŸ”— http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html
πŸ”— http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html
πŸ”— http://openwall.com/lists/oss-security/2010/12/10/1
πŸ”— http://secunia.com/advisories/42576
πŸ”— http://secunia.com/advisories/42930
πŸ”— http://secunia.com/advisories/43128

Related Vulnerabilities

CVE-2019-101499.8

A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function...

CVE-2019-139179.8

Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution as root in some unusual configurations that use the ${sort }...

CVE-2019-158469.8

Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash.

CVE-2019-169289.8

Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer...