What is the severity of CVE-2010-4345?

CVE-2010-4345 has a high severity level due to its potential for local privilege escalation.

How do I fix CVE-2010-4345?

To fix CVE-2010-4345, upgrade Exim to version 4.72 or later, where the vulnerability has been resolved.

What are the affected versions of Exim in CVE-2010-4345?

CVE-2010-4345 affects Exim versions 4.72 and earlier.

Who is at risk for CVE-2010-4345?

Local users on systems that run affected versions of Exim are at risk for CVE-2010-4345.

What type of vulnerability is CVE-2010-4345?

CVE-2010-4345 is a local privilege escalation vulnerability.

Vulnerability/
CVE-2010-4345

Exploited

high

7.8

CWE

264 77

10/12/2010

14/12/2010

11/4/2025

CVE-2010-4345: Exim Privilege Escalation Vulnerability

First published: Fri Dec 10 2010(Updated: )

Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.

Credit: secalert@redhat.com secalert@redhat.com

Affected Software	Affected Version	How to fix
sa-exim
sa-exim	<=4.72
sa-exim	=2.10
sa-exim	=2.11
sa-exim	=2.12
sa-exim	=3.00
sa-exim	=3.01
sa-exim	=3.02
sa-exim	=3.03
sa-exim	=3.10
sa-exim	=3.11
sa-exim	=3.12
sa-exim	=3.13
sa-exim	=3.14
sa-exim	=3.15
sa-exim	=3.16
sa-exim	=3.20
sa-exim	=3.21
sa-exim	=3.22
sa-exim	=3.30
sa-exim	=3.31
sa-exim	=3.32
sa-exim	=3.33
sa-exim	=3.34
sa-exim	=3.35
sa-exim	=3.36
sa-exim	=4.00
sa-exim	=4.01
sa-exim	=4.02
sa-exim	=4.03
sa-exim	=4.04
sa-exim	=4.05
sa-exim	=4.10
sa-exim	=4.11
sa-exim	=4.12
sa-exim	=4.14
sa-exim	=4.20
sa-exim	=4.21
sa-exim	=4.22
sa-exim	=4.23
sa-exim	=4.24
sa-exim	=4.30
sa-exim	=4.31
sa-exim	=4.32
sa-exim	=4.33
sa-exim	=4.34
sa-exim	=4.40
sa-exim	=4.41
sa-exim	=4.42
sa-exim	=4.43
sa-exim	=4.44
sa-exim	=4.50
sa-exim	=4.51
sa-exim	=4.52
sa-exim	=4.53
sa-exim	=4.54
sa-exim	=4.60
sa-exim	=4.61
sa-exim	=4.62
sa-exim	=4.63
sa-exim	=4.64
sa-exim	=4.65
sa-exim	=4.66
sa-exim	=4.67
sa-exim	=4.68
sa-exim	=4.69
sa-exim	=4.70
sa-exim	=4.71
openSUSE	=11.1
openSUSE	=11.2
openSUSE	=11.3
Debian Linux	=5.0
Ubuntu	=6.06
Ubuntu	=8.04
Ubuntu	=9.10
Ubuntu	=10.04
Ubuntu	=10.10

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2010-4345?
CVE-2010-4345 has a high severity level due to its potential for local privilege escalation.
How do I fix CVE-2010-4345?
To fix CVE-2010-4345, upgrade Exim to version 4.72 or later, where the vulnerability has been resolved.
What are the affected versions of Exim in CVE-2010-4345?
CVE-2010-4345 affects Exim versions 4.72 and earlier.
Who is at risk for CVE-2010-4345?
Local users on systems that run affected versions of Exim are at risk for CVE-2010-4345.
What type of vulnerability is CVE-2010-4345?
CVE-2010-4345 is a local privilege escalation vulnerability.

agent/type
agent/first-publish-date
agent/title
agent/remedy
agent/description
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2010-4345
agent/author
agent/severity
agent/references
agent/trending
agent/source
exploited/true
collector/cisa-known-exploited
source/CISA
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/nvd-index
collector/nvd-historical
collector/mitre-cve
source/MITRE
agent/weakness
agent/event
agent/last-modified-date
collector/nvd-api
source/NVD
agent/softwarecombine
agent/tags
collector/nvd-cve
vendor/exim
canonical/sa-exim
version/sa-exim/4.72
version/sa-exim/2.10
version/sa-exim/2.11
version/sa-exim/2.12
version/sa-exim/3.00
version/sa-exim/3.01
version/sa-exim/3.02
version/sa-exim/3.03
version/sa-exim/3.10
version/sa-exim/3.11
version/sa-exim/3.12
version/sa-exim/3.13
version/sa-exim/3.14
version/sa-exim/3.15
version/sa-exim/3.16
version/sa-exim/3.20
version/sa-exim/3.21
version/sa-exim/3.22
version/sa-exim/3.30
version/sa-exim/3.31
version/sa-exim/3.32
version/sa-exim/3.33
version/sa-exim/3.34
version/sa-exim/3.35
version/sa-exim/3.36
version/sa-exim/4.00
version/sa-exim/4.01
version/sa-exim/4.02
version/sa-exim/4.03
version/sa-exim/4.04
version/sa-exim/4.05
version/sa-exim/4.10
version/sa-exim/4.11
version/sa-exim/4.12
version/sa-exim/4.14
version/sa-exim/4.20
version/sa-exim/4.21
version/sa-exim/4.22
version/sa-exim/4.23
version/sa-exim/4.24
version/sa-exim/4.30
version/sa-exim/4.31
version/sa-exim/4.32
version/sa-exim/4.33
version/sa-exim/4.34
version/sa-exim/4.40
version/sa-exim/4.41
version/sa-exim/4.42
version/sa-exim/4.43
version/sa-exim/4.44
version/sa-exim/4.50
version/sa-exim/4.51
version/sa-exim/4.52
version/sa-exim/4.53
version/sa-exim/4.54
version/sa-exim/4.60
version/sa-exim/4.61
version/sa-exim/4.62
version/sa-exim/4.63
version/sa-exim/4.64
version/sa-exim/4.65
version/sa-exim/4.66
version/sa-exim/4.67
version/sa-exim/4.68
version/sa-exim/4.69
version/sa-exim/4.70
version/sa-exim/4.71
vendor/opensuse
canonical/opensuse
version/opensuse/11.1
version/opensuse/11.2
version/opensuse/11.3
vendor/debian
canonical/debian linux
version/debian linux/5.0
vendor/canonical
canonical/ubuntu
version/ubuntu/6.06
version/ubuntu/8.04
version/ubuntu/9.10
version/ubuntu/10.04
version/ubuntu/10.10

CVE-2010-4345: Exim Privilege Escalation Vulnerability

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2010-4345?

How do I fix CVE-2010-4345?

What are the affected versions of Exim in CVE-2010-4345?

Who is at risk for CVE-2010-4345?

What type of vulnerability is CVE-2010-4345?

Company

Resources

Contact