CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2010-4345

Known Exploited (CISA KEV)HIGH
7.8
CVSS Severity Score
EPSS Score80.1960%
EPSS Percentile92.86th
Published2010年12月14日
Last Modified2026年4月21日

Vulnerability Description

Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.

Affected Platforms (CPE)

📦
Exim

Exim

<= 4.72
💻
Opensuse

Opensuse

= 11.1
💻
Opensuse

Opensuse

= 11.2
💻
Opensuse

Opensuse

= 11.3
💻
Debian

Debian Linux

= 5.0
💻
Canonical

Ubuntu Linux

= 6.06
💻
Canonical

Ubuntu Linux

= 8.04
💻
Canonical

Ubuntu Linux

= 9.10
💻
Canonical

Ubuntu Linux

= 10.04
💻
Canonical

Ubuntu Linux

= 10.10

References & Advisories

🔗 http://bugs.exim.org/show_bug.cgi?id=1044
🔗 http://lists.exim.org/lurker/message/20101209.172233.abcba158.en.html
🔗 http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html
🔗 http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html
🔗 http://openwall.com/lists/oss-security/2010/12/10/1
🔗 http://secunia.com/advisories/42576
🔗 http://secunia.com/advisories/42930
🔗 http://secunia.com/advisories/43128

相關漏洞威脅

CVE-2019-101499.8

A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function...

CVE-2019-139179.8

Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution as root in some unusual configurations that use the ${sort }...

CVE-2019-158469.8

Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash.

CVE-2019-169289.8

Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer...