CVE-2010-4345

HIGH KEV

Exim4 string_format Function Heap Buffer Overflow

Title source: metasploit

Description

Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotelinux

https://www.exploit-db.com/exploits/16925

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

by jduck, hdm · rubypocunix

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/smtp/exim4_string_format.rb

View Code ZIP pw:eip

References (29)

[Issue Tracking, Patch] http://bugs.exim.org/show_bug.cgi?id=1044

[Mailing List, Patch] http://lists.exim.org/lurker/message/20101209.172233.abcba158.en.html

[Mailing List] http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html

[Mailing List] http://openwall.com/lists/oss-security/2010/12/10/1

[Broken Link, Vendor Advisory] http://secunia.com/advisories/42576

[Broken Link] http://secunia.com/advisories/42930

[Broken Link] http://secunia.com/advisories/43128

[Broken Link] http://secunia.com/advisories/43243

[Broken Link] http://www.cpanel.net/2010/12/critical-exim-security-update.html

[Mailing List, Third Party Advisory] http://www.debian.org/security/2010/dsa-2131

[Mailing List, Third Party Advisory] http://www.debian.org/security/2011/dsa-2154

[Mailing List, Vendor Advisory] http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html

[Third Party Advisory, US Government Resource] http://www.kb.cert.org/vuls/id/758489

[Third Party Advisory] http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format

[Mailing List] http://www.openwall.com/lists/oss-security/2021/05/04/7

[Broken Link] http://www.redhat.com/support/errata/RHSA-2011-0153.html

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/515172/100/0/threaded

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/45341

[Broken Link, Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1024859

... and 9 more

Scores

CVSS v3 7.8

EPSS 0.0686

EPSS Percentile 91.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-03-25

VulnCheck KEV 2010-12-10

InTheWild.io 2022-03-25

ENISA EUVD EUVD-2010-4314

CWE

CWE-77

Status published

Products (10)

canonical/ubuntu_linux 6.06

canonical/ubuntu_linux 8.04

canonical/ubuntu_linux 9.10

canonical/ubuntu_linux 10.04

canonical/ubuntu_linux 10.10

debian/debian_linux 5.0

exim/exim < 4.72

opensuse/opensuse 11.1

opensuse/opensuse 11.2

opensuse/opensuse 11.3

Published Dec 14, 2010

KEV Added Mar 25, 2022

Tracked Since Feb 18, 2026