CVE-2010-4345

Published: 14 December 2010

Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.

Notes

Author: mdeslaur
Note: patches are behaviour-altering. See list of changes here:
http://git.exim.org/exim.git/blob/HEAD:/doc/doc-txt/IncompatibleChanges
See debian dsa-2154-2 for regression fix
http://lists.debian.org/debian-security-announce/2011/msg00020.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611572

Priority

Medium

Status

Package: exim4 (Launchpad, Ubuntu, Debian)
Release status:
upstream: Released (4.73)
dapper: Released (4.60-3ubuntu3.3)
hardy: Released (4.69-2ubuntu0.3)
karmic: Released (4.69-11ubuntu4.2)
lucid: Released (4.71-3ubuntu1.1)
maverick: Released (4.72-1ubuntu1.1)
Patches:
upstream: http://git.exim.org/exim.git/commit/c1d94452b1b7f3620ee3cc9aa197ad98821de79f
upstream: http://git.exim.org/exim.git/commit/e2f5dc151e2e79058e93924e6d35510557f0535d
upstream: http://git.exim.org/exim.git/commit/cd25e41d2d044556e024f0292a17c5ec3cc7987b
upstream: http://git.exim.org/exim.git/commit/261dc43e32f6039781ca92535e56f5caaa68b809
upstream: http://git.exim.org/exim.git/commit/fa32850be0d9e605da1b33305c122f7a59a24650
upstream: http://git.exim.org/exim.git/commit/1e83d68b72d24d6255d2e78facbe01656515ab4f
upstream: http://git.exim.org/exim.git/commit/79d4bc3d95d75446a2d149ca35525f078a978027
upstream: http://git.exim.org/exim.git/commit/d7177eb2021bc5517b2d8fab2269564f30d4446e
upstream: http://git.exim.org/exim.git/commit/a7cbbf501402231457e8167b6d446f4df454ba17
upstream: http://git.exim.org/exim.git/commit/2cfd322193567dbbeca47b0fc0ee2836f46e2600
upstream: http://git.exim.org/exim.git/commit/66581d1e830f4e68f2b074b8d79a80645c6a72ea
upstream: http://git.exim.org/exim.git/commit/74935b987fd0312f535747fea636883ae22fec77
upstream: http://git.exim.org/exim.git/commit/90b6341f7282beed1175e942a113c30c212425c9
upstream: http://git.exim.org/exim.git/commit/7f7f05454657fe756dd06d2ee11bfe70c5a1a9a0
upstream: http://git.exim.org/exim.git/commit/cc5fdbc2db990d876fb7bfa68f9c7253d064cef7
upstream: http://git.exim.org/exim.git/commit/fea24b2ea4e2c2a4b77d6fb222054e32e658b227
upstream: http://git.exim.org/exim.git/commit/33191679e1a86ba6d9c38a74d0795d00c300f2c5
upstream: http://git.exim.org/exim.git/commit/b7487bcec431809cb7fc3c2b42fcd607e43d37e7