⚠ Actively exploited
Added to CISA KEV on 2022-03-25. Federal agencies required to patch by 2022-04-15. Required action: Apply updates per vendor instructions..

CVE-2010-4345Command Injection in Exim

CWE-77Command InjectionCWE-264CWE-78OS Command Injection14 documents12 sources
Severity
7.8HIGHNVD
EPSS
6.0%
top 9.29%
CISA KEV
KEV
Added 2022-03-25
Due 2022-04-15
Exploit
Exploited in wild
Active exploitation observed
Affected products
5
Debian Exim4EximCanonical Ubuntu Linux+2 more
Timeline
PublishedDec 14
KEV addedMar 25
KEV dueApr 15
Latest updateMay 13
CISA Required Action: Apply updates per vendor instructions.

Description

Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

debiandebian/exim4< exim4 4.72-3 (bookworm)
NVDexim/exim4.72
NVDopensuse/opensuse11.1, 11.2, 11.3+2

Also affects: Debian Linux 5.0, Ubuntu Linux 10.04, 10.10, 6.06, 8.04, 9.10

Patches

Patch: bugs.exim.orgPatch: lists.exim.orgPatch: bugzilla.redhat.com

🔴Vulnerability Details

4
GHSA
GHSA-qq6c-p3fx-6qcx: Exim 42022-05-13
CVEList
CVE-2010-4345: Exim 42010-12-14
OSV
CVE-2010-4345: Exim 42010-12-14
VulnCheck
Exim Privilege Escalation Vulnerability2010

💥Exploits & PoCs

2
Exploit-DB
Exim4 < 4.69 - string_format Function Heap Buffer Overflow (Metasploit)2010-12-16
Metasploit
Exim4 string_format Function Heap Buffer Overflow

📋Vendor Advisories

4
CISA
Exim Privilege Escalation Vulnerability2022-03-25
Ubuntu
Exim vulnerabilities2011-02-10
Red Hat
exim: privilege escalation2010-12-07
Debian
CVE-2010-4345: exim4 - Exim 4.72 and earlier allows local users to gain privileges by leveraging the ab...2010

💬Community

3
Bugzilla
CVE-2010-4345 exim privilege escalation [fedora-all]2011-01-07
Bugzilla
CVE-2010-4345 exim: privilege escalation2010-12-10
Bugzilla
CVE-2010-4344 exim: remote code execution flaw2010-12-09