Main Vulnerability Database SB2011011701

SB2011011701 - Red Hat update for exim

Published: January 17, 2011 Updated: May 2, 2017

Security Bulletin ID SB2011011701

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Privilege escalation (CVE-ID: CVE-2010-4345)

The vulnerability allows a local user to escalate privileges on vulnerable system.

The vulnerability exists due to design error in Exim, when allowing local users to load arbitrary configuration file via the "spool_directory" directive. A local user can specify an alternate configuration file with a directive that contains arbitrary commands and execute arbitrary commands on the system with root privileges.

Successful exploitation of this vulnerability will allow a local user to gain root privileges on the system.

Remediation

Install update from vendor's website.

References

https://access.redhat.com/errata/RHSA-2011:0153