ID:1735 - Exploit for Privilege escalation in Exim - CVE-2010-4345

CSH
CYBERSECURITY HELP
Sign In REGISTER
 
Main Vulnerability Database Exploits ID:1735 - Exploit for Privilege escalation in Exim - CVE-2010-4345

ID:1735 - Exploit for Privilege escalation in Exim - CVE-2010-4345

Published: March 18, 2020


Vulnerability identifier: #VU341
Vulnerability risk: Low
CVE-ID: CVE-2010-4345
CWE-ID: CWE-78
Exploitation vector: Local access
Vulnerable software:
Exim

Link to public exploit:


Vulnerability description

The vulnerability allows a local user to escalate privileges on vulnerable system.

The vulnerability exists due to design error in Exim, when allowing local users to load arbitrary configuration file via the "spool_directory" directive. A local user can specify an alternate configuration file with a directive that contains arbitrary commands and execute arbitrary commands on the system with root privileges.

Successful exploitation of this vulnerability will allow a local user to gain root privileges on the system.


Remediation

Update to version 4.73.