PT-2010-5428 · Exim+1

Mark J. Cox · Published 2010-12-14 · Updated 2025-03-13 · CVE-2010-4345

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Exim versions 4.72 and earlier

Description

The issue allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.

Recommendations

For Exim versions 4.72 and earlier, consider restricting the ability of the exim user account to specify alternate configuration files until a patch is available. As a temporary workaround, consider disabling the use of the spool_directory directive in configuration files to minimize the risk of exploitation.

Exploit

Fix

Command Injection


Weakness Enumeration

Related identifiers

CVE-2010-4345
DSA-2154-1
OPENSUSE-SU-2024:10017-1
RHSA-2011:0153
RHSA-2011_0153

Affected products

Exim
Red Hat