CVE-2010-4345 Detail
Description
Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.
Metrics
NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.

CVSS 4.0 Severity and Vector Strings: NVD assessment not yet provided.
CVSS 3.x Severity and Vector Strings: Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.0 Severity and Vector Strings: Vector (AV:L/AC:M/Au:N/C:C/I:C/A:C)
References to Advisories, Solutions, and Tools
URL | Source(s) | Tag(s)
http://bugs.exim.org/show_bug.cgi?id=1044 | CVE, Inc., Red Hat | Issue Tracking, Patch
http://lists.exim.org/lurker/message/20101209.172233.abcba158.en.html | CVE, Inc., Red Hat | Mailing List, Patch
http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html | CVE, Inc., Red Hat | Mailing List
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html | CVE, Inc., Red Hat | Mailing List, Third Party Advisory
http://openwall.com/lists/oss-security/2010/12/10/1 | CVE, Inc., Red Hat | Mailing List
http://secunia.com/advisories/42576 | CVE, Inc., Red Hat | Broken Link, Vendor Advisory
http://secunia.com/advisories/42930 | CVE, Inc., Red Hat | Broken Link
http://secunia.com/advisories/43128 | CVE, Inc., Red Hat | Broken Link
http://secunia.com/advisories/43243 | CVE, Inc., Red Hat | Broken Link
http://www.cpanel.net/2010/12/critical-exim-security-update.html | CVE, Inc., Red Hat | Broken Link
http://www.debian.org/security/2010/dsa-2131 | CVE, Inc., Red Hat | Mailing List, Third Party Advisory
http://www.debian.org/security/2011/dsa-2154 | CVE, Inc., Red Hat | Mailing List, Third Party Advisory
http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html | CVE, Inc., Red Hat | Mailing List, Vendor Advisory
http://www.kb.cert.org/vuls/id/758489 | CVE, Inc., Red Hat | Third Party Advisory, US Government Resource
http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format | CVE, Inc., Red Hat | Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/05/04/7 | CVE, Inc., Red Hat | Mailing List
http://www.redhat.com/support/errata/RHSA-2011-0153.html | CVE, Inc., Red Hat | Broken Link
http://www.securityfocus.com/archive/1/515172/100/0/threaded | CVE, Inc., Red Hat | Broken Link, Third Party Advisory, VDB Entry
http://www.securityfocus.com/bid/45341 | CVE, Inc., Red Hat | Broken Link, Third Party Advisory, VDB Entry
http://www.securitytracker.com/id?1024859 | CVE, Inc., Red Hat | Broken Link, Third Party Advisory, VDB Entry
http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/ | CVE, Inc., Red Hat | Press/Media Coverage, Third Party Advisory
http://www.ubuntu.com/usn/USN-1060-1 | CVE, Inc., Red Hat | Third Party Advisory
http://www.vupen.com/english/advisories/2010/3171 | CVE, Inc., Red Hat | Broken Link, Vendor Advisory
http://www.vupen.com/english/advisories/2010/3204 | CVE, Inc., Red Hat | Broken Link, Vendor Advisory
http://www.vupen.com/english/advisories/2011/0135 | CVE, Inc., Red Hat | Broken Link
http://www.vupen.com/english/advisories/2011/0245 | CVE, Inc., Red Hat | Broken Link
http://www.vupen.com/english/advisories/2011/0364 | CVE, Inc., Red Hat | Broken Link
https://bugzilla.redhat.com/show_bug.cgi?id=662012 | CVE, Inc., Red Hat | Issue Tracking, Patch
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-4345 | CISA-ADP | US Government Resource
This CVE is in CISA's Known Exploited Vulnerabilities Catalog. Reference CISA's BOD 22-01 and Known Exploited Vulnerabilities Catalog for further guidance and requirements.

Vulnerability Name: Exim Privilege Escalation Vulnerability
Date Added: 03/25/2022
Due Date: 04/15/2022
Required Action: Apply updates per vendor instructions.
Weakness Enumeration
CWE-ID | CWE Name | Source
NVD-CWE-noinfo | Insufficient Information | NIST
CWE-77 | Improper Neutralization of Special Elements used in a Command ('Command Injection') | CISA-ADP
Change History
17 change records found

CVE Modified by CISA-ADP, 6/16/2026 7:24:36 PM
  Added SSVC: {"timestamp":"2025-02-07T13:24:14.950730Z","id":"CVE-2010-4345","options":[{"exploitation":"active"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}
CVE Modified by Red Hat, Inc., 6/16/2026 7:24:36 PM
  Added Affected: [{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]
Modified Analysis by NIST, 4/21/2026 4:30:40 PM
  Added Reference Type: CISA-ADP: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-4345 Types: US Government Resource
CVE Modified by CISA-ADP, 10/21/2025 9:15:39 PM
  Added Reference: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-4345

CVE Modified by CISA-ADP, 10/21/2025 4:15:54 PM
  Removed Reference: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-4345

CVE Modified by CISA-ADP, 10/21/2025 3:15:58 PM
  Added Reference: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-4345
Modified Analysis by NIST, 3/13/2025 3:07:51 PM
CVE Modified by CISA-ADP, 2/07/2025 9:15:33 AM
  Added CVSS V3.1: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  Added CWE: CWE-77
Modified Analysis by NIST, 12/19/2024 1:21:54 PM
CVE Modified by CVE, 11/20/2024 8:20:44 PM
  Added References:
    http://bugs.exim.org/show_bug.cgi?id=1044
    http://lists.exim.org/lurker/message/20101209.172233.abcba158.en.html
    http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html
    http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html
    http://openwall.com/lists/oss-security/2010/12/10/1
    http://secunia.com/advisories/42576
    http://secunia.com/advisories/42930
    http://secunia.com/advisories/43128
    http://secunia.com/advisories/43243
    http://www.cpanel.net/2010/12/critical-exim-security-update.html
    http://www.debian.org/security/2010/dsa-2131
    http://www.debian.org/security/2011/dsa-2154
    http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html
    http://www.kb.cert.org/vuls/id/758489
    http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format
    http://www.openwall.com/lists/oss-security/2021/05/04/7
    http://www.redhat.com/support/errata/RHSA-2011-0153.html
    http://www.securityfocus.com/archive/1/515172/100/0/threaded
    http://www.securityfocus.com/bid/45341
    http://www.securitytracker.com/id?1024859
    http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/
    http://www.ubuntu.com/usn/USN-1060-1
    http://www.vupen.com/english/advisories/2010/3171
    http://www.vupen.com/english/advisories/2010/3204
    http://www.vupen.com/english/advisories/2011/0135
    http://www.vupen.com/english/advisories/2011/0245
    http://www.vupen.com/english/advisories/2011/0364
    https://bugzilla.redhat.com/show_bug.cgi?id=662012
Modified Analysis by NIST, 7/16/2024 1:57:37 PM
  Added CVSS V3.1: NIST AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  Added CWE: NIST NVD-CWE-noinfo
  Removed CWE: NIST CWE-264
  Changed CPE Configuration:
  Old Value (record truncated, showing 2048 of 3046 characters):
  OR
*cpe:2.3:a:exim:exim:2.10:*:*:*:*:*:*:*
*cpe:2.3:a:exim:exim:2.11:*:*:*:*:*:*:*
*cpe:2.3:a:exim:exim:2.12:*:*:*:*:*:*:*
*cpe:2.3:a:exim:exim:3.00:*:*:*:*:*:*:*
*cpe:2.3:a:exim:exim:3.01:*:*:*:*:*:*:*
*cpe:2.3:a:exim:exim:3.02:*:*:*:*:*:*:*
*cpe:2.3:a:exim:exim:3.03:*:*:*:*:*:*:*
*cpe:2.3:a:exim:exim:3.10:*:*:*:*:*:*:*
*cpe:2.3:a:exim:exim:3.11:*:*:*:*:*:*:*
*cpe:2.3:a:exim:exim:3.12:*:*:*:*:*:*:*
*cpe:2.3:a:exim:exim:3.13:*:*:*:*:*:*:*
*cpe:2.3:a:exim:exim:3.14:*:*:*:*:*:*:*
*cpe:2.3:a:exim:exim:3.15:*:*:*:*:*:*:*
*cpe:2.3:a:exim:exim:3.16:*:*:*:*:*:*:*
*cpe:2.3:a:exim:exim:3.20:*:*:*:*:*:*:*
*cpe:2.3:a:exim:exim:3.21:*:*:*:*:*:*:*
*cpe:2.3:a:exim:exim:3.22:*:*:*:*:*:*:*
*cpe:2.3:a:exim:exim:3.30:*:*:*:*:*:*:*
*cpe:2.3:a:exim:exim:3.31:*:*:*:*:*:*:*
*cpe:2.3:a:exim:exim:3.32:*:*:*:*:*:*:*
*cpe:2.3:a:exim:exim:3.33:*:*:*:*:*:*:*
*cpe:2.3:a:exim:exim:3.34:*:*:*:*:*:*:*
*cpe:2.3:a:exim:exim:3.35:*:*:*:*:*:*:*
*cpe:2.3:a:exim:exim:3.36:*:*:*:*:*:*:*
*cpe:2.3:a:exim:exim:4.00:*:*:*:*:*:*:*
*cpe:2.3:a:exim:exim:4.01:*:*:*:*:*:*:*
*cpe:2.3:a:exim:exim:4.02:*:*:*:*:*:*:*
*cpe:2.3:a:exim:exim:4.03:*:*:*:*:*:*:*
*cpe:2.3:a:exim:exim:4.04:*:*:*:*:*:*:*
*cpe:2.3:a:exim:exim:4.05:*:*:*:*:*:*:*
*cpe:2.3:a:exim:exim:4.10:*:*:*:*:*:*:*
*cpe:2.3:a:exim:exim:4.11:*:*:*:*:*:*:*
*cpe:2.3:a:exim:exim:4.12:*:*:*:*:*:*:*
*cpe:2.3:a:exim:exim:4.14:*:*:*:*:*:*:*
*cpe:2.3:a:exim:exim:4.20:*:*:*:*:*:*:*
*cpe:2.3:a:exim:exim:4.21:*:*:*:*:*:*:*
*cpe:2.3:a:exim:exim:4.22:*:*:*:*:*:*:*
*cpe:2.3:a:exim:exim:4.23:*:*:*:*:*:*:*
*cpe:2.3:a:exim:exim:4.24:*:*:*:*:*:*:*
*cpe:2.3:a:exim:exim:4.30:*:*:*:*:*:*:*
*cpe:2.3:a:exim:exim:4.31:*:*:*:*:*:*:*
*cpe:2.3:a:exim:exim:4.32:*:*:*:*:*:*:*
*cpe:2.3:a:exim:exim:4.33:*:*:*:*:*:*:*
*cpe:2.3:a:exim:exim:4.34:*:*:*:*:*:*:*
*cpe:2.3:a:exim:exim:4.40:*:*:*:*:*:*:*
*cpe:2.3:a:exim
  New Value:
  OR
*cpe:2.3:a:exim:exim:*:*:*:*:*:*:*:* versions up to (including) 4.72
  Added CPE Configuration:
  OR
*cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
*cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
*cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
*cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
*cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
  Added CPE Configuration:
  OR
*cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
  Added CPE Configuration:
  OR
*cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*
*cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*
*cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*
  Changed Reference Type (old -> new):
    http://bugs.exim.org/show_bug.cgi?id=1044: Patch -> Issue Tracking, Patch
    http://lists.exim.org/lurker/message/20101209.172233.abcba158.en.html: Patch -> Mailing List, Patch
    http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html: No Types Assigned -> Mailing List
    http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html: No Types Assigned -> Mailing List, Third Party Advisory
    http://openwall.com/lists/oss-security/2010/12/10/1: No Types Assigned -> Mailing List
    http://secunia.com/advisories/42576: Vendor Advisory -> Broken Link, Vendor Advisory
    http://secunia.com/advisories/42930: No Types Assigned -> Broken Link
    http://secunia.com/advisories/43128: No Types Assigned -> Broken Link
    http://secunia.com/advisories/43243: No Types Assigned -> Broken Link
    http://www.cpanel.net/2010/12/critical-exim-security-update.html: No Types Assigned -> Broken Link
    http://www.debian.org/security/2010/dsa-2131: No Types Assigned -> Mailing List, Third Party Advisory
    http://www.debian.org/security/2011/dsa-2154: No Types Assigned -> Mailing List, Third Party Advisory
    http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html: Vendor Advisory -> Mailing List, Vendor Advisory
    http://www.kb.cert.org/vuls/id/758489: US Government Resource -> Third Party Advisory, US Government Resource
    http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format: No Types Assigned -> Third Party Advisory
    http://www.openwall.com/lists/oss-security/2021/05/04/7: No Types Assigned -> Mailing List
    http://www.redhat.com/support/errata/RHSA-2011-0153.html: No Types Assigned -> Broken Link
    http://www.securityfocus.com/archive/1/515172/100/0/threaded: No Types Assigned -> Broken Link, Third Party Advisory, VDB Entry
    http://www.securityfocus.com/bid/45341: No Types Assigned -> Broken Link, Third Party Advisory, VDB Entry
    http://www.securitytracker.com/id?1024859: No Types Assigned -> Broken Link, Third Party Advisory, VDB Entry
    http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/: No Types Assigned -> Press/Media Coverage, Third Party Advisory
    http://www.ubuntu.com/usn/USN-1060-1: No Types Assigned -> Third Party Advisory
    http://www.vupen.com/english/advisories/2010/3171: Vendor Advisory -> Broken Link, Vendor Advisory
    http://www.vupen.com/english/advisories/2010/3204: Vendor Advisory -> Broken Link, Vendor Advisory
    http://www.vupen.com/english/advisories/2011/0135: No Types Assigned -> Broken Link
    http://www.vupen.com/english/advisories/2011/0245: No Types Assigned -> Broken Link
    http://www.vupen.com/english/advisories/2011/0364: No Types Assigned -> Broken Link
    https://bugzilla.redhat.com/show_bug.cgi?id=662012: Patch -> Issue Tracking, Patch
CVE Modified by Red Hat, Inc., 5/13/2024 10:23:34 PM

CVE Modified by Red Hat, Inc., 2/12/2023 11:28:35 PM
  Changed Description:
    Old Value: CVE-2010-4345 exim: privilege escalation
    New Value: Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.
  Removed CVSS V2: Red Hat, Inc. (AV:L/AC:L/Au:S/C:C/I:C/A:C)
  Removed Reference: https://access.redhat.com/errata/RHSA-2011:0153 [No Types Assigned]
  Removed Reference: https://access.redhat.com/security/cve/CVE-2010-4345 [No Types Assigned]

CVE Modified by Red Hat, Inc., 2/02/2023 12:17:49 PM
  Changed Description:
    Old Value: Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.
    New Value: CVE-2010-4345 exim: privilege escalation
  Added CVSS V2: Red Hat, Inc. (AV:L/AC:L/Au:S/C:C/I:C/A:C)
  Added Reference: https://access.redhat.com/errata/RHSA-2011:0153 [No Types Assigned]
  Added Reference: https://access.redhat.com/security/cve/CVE-2010-4345 [No Types Assigned]

CVE Modified by Red Hat, Inc., 5/04/2021 2:15:08 PM
  Added Reference: http://www.openwall.com/lists/oss-security/2021/05/04/7 [No Types Assigned]

CVE Modified by Red Hat, Inc., 10/10/2018 4:08:16 PM
  Added Reference: http://www.securityfocus.com/archive/1/515172/100/0/threaded [No Types Assigned]
  Removed Reference: http://www.securityfocus.com/archive/1/archive/1/515172/100/0/threaded [No Types Assigned]

Initial CVE Analysis, 12/14/2010 1:26:00 PM
Quick Info
CVE Dictionary Entry: CVE-2010-4345
NVD Published Date: 12/14/2010
NVD Last Modified: 06/16/2026
Source: Red Hat, Inc.