CVE-2010-4345

Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.

Details Source

Mitre

Public Date

2010-12-07 00:00:00

Impact

Moderate

Bugzilla

CVE-2010-4345 exim privilege escalation

Bugzilla ID

662012

CVSS Status

verified

Base Score

6.80

Base Metrics

AV:L/AC:L/Au:S/C:C/I:C/A:C

Red Hat Security Errata

Platform                            Errata            Release Date
Red Hat Enterprise Linux 5 (exim)   RHSA-2011:0153    2011-01-17
Red Hat Enterprise Linux 4 (exim)   RHSA-2011:0153    2011-01-17

CWE

CWE-78