← back
CVE-2010-4345

CVE-2010-4345

CVSS 7.8 HIGHEPSS 17.8%● KEVCWE-77
Vexday Risk Score
91Fix now
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
CVSS 7.8EPSS 17.8%KEV simPoC públicaNuclei Metasploit simPatch referenciado
Lifecycle
07 Dec 2010Metasploit module available
14 Dec 2010Published on NVD
16 Dec 2010Public PoC
25 Mar 2022Active exploitation (CISA KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short

Exim mail server versions 4.72 and earlier allow local users to become the 'exim' system user and gain higher privileges by creating a custom configuration file that executes arbitrary commands. This is dangerous because attackers with local access can run malicious code with elevated permissions.

Technical detail

Local privilege escalation in Exim 4.72 and earlier via configuration file injection; the exim process permits unprivileged users to specify alternate configuration files (e.g., via spool_directory directive) that execute arbitrary shell commands with exim user privileges. Requires local system access and ability to create/modify configuration files.

Summary generated and translated by AI from the official description.
Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/16925unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://bugs.exim.org/show_bug.cgi?id=1044http://lists.exim.org/lurker/message/20101209.172233.abcba158.en.htmlhttp://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.htmlhttp://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.htmlhttp://openwall.com/lists/oss-security/2010/12/10/1https://bugzilla.redhat.com/show_bug.cgi?id=662012http://secunia.com/advisories/42576http://secunia.com/advisories/42930http://secunia.com/advisories/43128http://secunia.com/advisories/43243https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-4345http://www.cpanel.net/2010/12/critical-exim-security-update.html