CyberSec.Space Logo
CVEブラウザに戻る

CVE-2010-4345

Known Exploited (CISA KEV)HIGH
7.8
CVSS Severity Score
EPSS Score80.1960%
EPSS Percentile92.86th
Published2010年12月14日
Last Modified2026年4月21日

Vulnerability Description

Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.

Affected Platforms (CPE)

📦
Exim

Exim

<= 4.72
💻
Opensuse

Opensuse

= 11.1
💻
Opensuse

Opensuse

= 11.2
💻
Opensuse

Opensuse

= 11.3
💻
Debian

Debian Linux

= 5.0
💻
Canonical

Ubuntu Linux

= 6.06
💻
Canonical

Ubuntu Linux

= 8.04
💻
Canonical

Ubuntu Linux

= 9.10
💻
Canonical

Ubuntu Linux

= 10.04
💻
Canonical

Ubuntu Linux

= 10.10

References & Advisories

🔗 http://bugs.exim.org/show_bug.cgi?id=1044
🔗 http://lists.exim.org/lurker/message/20101209.172233.abcba158.en.html
🔗 http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html
🔗 http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html
🔗 http://openwall.com/lists/oss-security/2010/12/10/1
🔗 http://secunia.com/advisories/42576
🔗 http://secunia.com/advisories/42930
🔗 http://secunia.com/advisories/43128

関連する脆弱性情報

CVE-2019-101499.8

A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function...

CVE-2019-139179.8

Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution as root in some unusual configurations that use the ${sort }...

CVE-2019-158469.8

Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash.

CVE-2019-169289.8

Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer...