CVE-2010-4345
CVE-2010-4345
In short
Exim mail server versions 4.72 and earlier allow local users to become the 'exim' system user and gain higher privileges by creating a custom configuration file that executes arbitrary commands. This is dangerous because attackers with local access can run malicious code with elevated permissions.
Technical detail
Local privilege escalation in Exim 4.72 and earlier via configuration file injection; the exim process permits unprivileged users to specify alternate configuration files (e.g., via spool_directory directive) that execute arbitrary shell commands with exim user privileges. Requires local system access and ability to create/modify configuration files.
Summary generated and translated by AI from the official description.
Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/apublic PoCs found — 1
exploitdbwww.exploit-db.com/exploits/16925unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://bugs.exim.org/show_bug.cgi?id=1044http://lists.exim.org/lurker/message/20101209.172233.abcba158.en.htmlhttp://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.htmlhttp://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.htmlhttp://openwall.com/lists/oss-security/2010/12/10/1https://bugzilla.redhat.com/show_bug.cgi?id=662012http://secunia.com/advisories/42576http://secunia.com/advisories/42930http://secunia.com/advisories/43128http://secunia.com/advisories/43243https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-4345http://www.cpanel.net/2010/12/critical-exim-security-update.html