CVE-2010-4345
Published: 14 December 2010
Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.
Notes
Author | Note |
---|---|
mdeslaur | Patches are behaviour-altering. See list of changes here: http://git.exim.org/exim.git/blob/HEAD:/doc/doc-txt/IncompatibleChanges. See Debian DSA-2154-2 for regression fix: http://lists.debian.org/debian-security-announce/2011/msg00020.html, http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611572 |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4345
- http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html
- http://www.exim.org/lurker/message/20101210.071922.233697ac.en.html#exim-dev
- http://www.debian.org/security/2011/dsa-2154
- https://ubuntu.com/security/notices/USN-1060-1