CVE-2010-4345
Last modified
CVE-2010-4345 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive. CISA has confirmed active exploitation in the wild. EPSS estimates a 17.79% chance of exploitation in the next 30 days.
Description
Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitation Status
This vulnerability is listed in CISA’s Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. Federal agencies must remediate by .
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Exim | Exim | <= 4.72 |
| Opensuse | Opensuse | 11.1 |
| Opensuse | Opensuse | 11.2 |
| Opensuse | Opensuse | 11.3 |
| Debian | Debian Linux | 5.0 |
| Canonical | Ubuntu Linux | 6.06 |
| Canonical | Ubuntu Linux | 8.04 |
| Canonical | Ubuntu Linux | 9.10 |
| Canonical | Ubuntu Linux | 10.04 |
| Canonical | Ubuntu Linux | 10.10 |
References
- http://bugs.exim.org/show_bug.cgi?id=1044 (Issue Tracking, Patch)
- http://lists.exim.org/lurker/message/20101209.172233.abcba158.en.html (Mailing List, Patch)
- http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html (Mailing List, Third Party Advisory)
- http://secunia.com/advisories/42576 (Broken Link, Vendor Advisory)
- http://secunia.com/advisories/42930 (Broken Link)
- http://secunia.com/advisories/43128 (Broken Link)
- http://secunia.com/advisories/43243 (Broken Link)
- http://www.debian.org/security/2010/dsa-2131 (Mailing List, Third Party Advisory)
- http://www.debian.org/security/2011/dsa-2154 (Mailing List, Third Party Advisory)
- http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html (Mailing List, Vendor Advisory)
- http://www.kb.cert.org/vuls/id/758489 (Third Party Advisory, US Government Resource)
- http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format (Third Party Advisory)
- http://www.securityfocus.com/archive/1/515172/100/0/threaded (Broken Link, Third Party Advisory, VDB Entry)
- http://www.securityfocus.com/bid/45341 (Broken Link, Third Party Advisory, VDB Entry)
- http://www.securitytracker.com/id?1024859 (Broken Link, Third Party Advisory, VDB Entry)
- http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/ (Press/Media Coverage, Third Party Advisory)
- http://www.ubuntu.com/usn/USN-1060-1 (Third Party Advisory)
- http://www.vupen.com/english/advisories/2010/3171 (Broken Link, Vendor Advisory)
- http://www.vupen.com/english/advisories/2010/3204 (Broken Link, Vendor Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=662012 (Issue Tracking, Patch)
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-4345 (US Government Resource)
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2010-4345?
How severe is CVE-2010-4345?
How do I fix CVE-2010-4345?
Source: NVD / NIST
