REDHAT-BUG-662012
First published: Fri Dec 10 2010(Updated: )
See <a class="bz_bug_link bz_status_CLOSED bz_closed bz_public " title="CLOSED ERRATA - CVE-2010-4344 exim: remote code execution flaw" href="show_bug.cgi?id=661756">bug #661756</a> <a href="http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html">http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html</a> " Secondly a privilege escalation where the trusted 'exim' user is able to tell Exim to use arbitrary config files, in which further ${run ...} commands will be invoked as root. The latter should be addressed by the patch at <a href="http://lists.exim.org/lurker/message/20101209.172233.abcba158.en.html">http://lists.exim.org/lurker/message/20101209.172233.abcba158.en.html</a> "
| Affected Software | Affected Version | How to fix |
|---|---|---|
| sa-exim |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=661756
- http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html
- http://lists.exim.org/lurker/message/20101209.172233.abcba158.en.html
- http://bugs.exim.org/show_bug.cgi?id=1044
- http://lists.exim.org/lurker/message/20101212.031058.0a4ca7c2.en.html
- http://git.exim.org/users/dwmw2/exim.git
- http://git.exim.org/exim.git/commit/1e83d68b72d24d6255d2e78facbe01656515ab4f
- http://git.exim.org/exim.git/commit/fa32850be0d9e605da1b33305c122f7a59a24650
- http://git.exim.org/exim.git/commit/261dc43e32f6039781ca92535e56f5caaa68b809
- http://git.exim.org/exim.git/commit/cd25e41d2d044556e024f0292a17c5ec3cc7987b
- http://git.exim.org/exim.git/commit/e2f5dc151e2e79058e93924e6d35510557f0535d
- http://git.exim.org/exim.git/commit/c1d94452b1b7f3620ee3cc9aa197ad98821de79f
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=468682&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=468682&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=472064&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=472064&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=472066&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=472066&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=668078
- https://rhn.redhat.com/errata/RHSA-2011-0153.html
- https://bugzilla.redhat.com/show_bug.cgi?id=662012
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2010-4345
- agent/references
- agent/severity
- agent/description
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/exim
- canonical/sa-exim