Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-879s-a42x-bqhu

Summary

Multiple vulnerabilities were found in Exim, the worst of which
    leading to remote execution of arbitrary code with root privileges.

Aliases

alias	CVE-2010-4345

Fixed_packages

url	pkg:deb/debian/exim4@4.72-3?distro=trixie
purl	pkg:deb/debian/exim4@4.72-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.72-3%3Fdistro=trixie

url pkg:deb/debian/exim4@4.72-6%2Bsqueeze4

purl pkg:deb/debian/exim4@4.72-6%2Bsqueeze4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ev3-fe86-93e3

vulnerability	VCID-1kpw-zhj4-jfaz

vulnerability	VCID-1tqm-3s38-fqcn

vulnerability	VCID-2qea-x4nk-zfba

vulnerability	VCID-3z7r-efh2-tyf9

vulnerability	VCID-55h7-dczu-rfhe

vulnerability	VCID-56xq-sgry-2uhd

vulnerability	VCID-5e2k-ure4-wfdf

vulnerability	VCID-69es-qatu-uub2

vulnerability	VCID-6dwr-t9kn-2yfn

vulnerability	VCID-7vuu-yzmu-duew

vulnerability	VCID-838e-pk6w-t3by

vulnerability	VCID-85sn-frqr-wqc1

vulnerability	VCID-87un-11ea-myhg

vulnerability	VCID-92ug-3eae-tydc

vulnerability	VCID-avxe-yhcq-wudx

vulnerability	VCID-bgxc-8scn-z7e8

vulnerability	VCID-bz4v-p82a-skgk

vulnerability	VCID-c9g9-ufem-9bgr

vulnerability	VCID-caau-2ury-hbbs

vulnerability	VCID-e844-g11f-f7fd

vulnerability	VCID-f998-369d-r3ds

vulnerability	VCID-kxtk-ybzc-eyfj

vulnerability	VCID-m8mt-ya9x-yqaq

vulnerability	VCID-mssq-pkfp-fbhg

vulnerability	VCID-mwem-kfpv-eqf2

vulnerability	VCID-p285-6bu3-vuh5

vulnerability	VCID-puuy-w6ze-9kc7

vulnerability	VCID-pzsv-7fee-1ugu

vulnerability	VCID-qr4y-643y-dqdz

vulnerability	VCID-qupq-a4jw-bbhh

vulnerability	VCID-qyqw-2gga-m3c6

vulnerability	VCID-raam-5am9-hbef

vulnerability	VCID-rfam-rzrr-abhb

vulnerability	VCID-rgkw-1sqv-d7hx

vulnerability	VCID-rrea-52kb-3qf1

vulnerability	VCID-sam4-h21q-dkej

vulnerability	VCID-stsb-pwen-87g7

vulnerability	VCID-swer-ztd6-nkga

vulnerability	VCID-teft-hqz3-7ubr

vulnerability	VCID-tpt6-ze4u-a7dt

vulnerability	VCID-ujms-hna1-z7e6

vulnerability	VCID-v1t8-y73h-vyee

vulnerability	VCID-vykx-t8yc-tycc

vulnerability	VCID-x7cz-svaj-rkb5

vulnerability	VCID-yytq-tcvz-43dq

vulnerability	VCID-z51d-zdeq-suas

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.72-6%252Bsqueeze4

url	pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie
purl	pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie

url	pkg:deb/debian/exim4@4.96-15%2Bdeb12u7?distro=trixie
purl	pkg:deb/debian/exim4@4.96-15%2Bdeb12u7?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u7%3Fdistro=trixie

url	pkg:deb/debian/exim4@4.98.2-1?distro=trixie
purl	pkg:deb/debian/exim4@4.98.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%3Fdistro=trixie

url	pkg:deb/debian/exim4@4.99.1-1?distro=trixie
purl	pkg:deb/debian/exim4@4.99.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.1-1%3Fdistro=trixie

url	pkg:ebuild/mail-mta/exim@4.80.1
purl	pkg:ebuild/mail-mta/exim@4.80.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-mta/exim@4.80.1

Affected_packages

url pkg:deb/debian/exim4@4.50-8sarge2

purl pkg:deb/debian/exim4@4.50-8sarge2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ev3-fe86-93e3

vulnerability	VCID-1kpw-zhj4-jfaz

vulnerability	VCID-1tqm-3s38-fqcn

vulnerability	VCID-2qea-x4nk-zfba

vulnerability	VCID-3z7r-efh2-tyf9

vulnerability	VCID-55h7-dczu-rfhe

vulnerability	VCID-56xq-sgry-2uhd

vulnerability	VCID-5e2k-ure4-wfdf

vulnerability	VCID-5vks-gjgj-euhp

vulnerability	VCID-69es-qatu-uub2

vulnerability	VCID-6dwr-t9kn-2yfn

vulnerability	VCID-7vuu-yzmu-duew

vulnerability	VCID-838e-pk6w-t3by

vulnerability	VCID-85sn-frqr-wqc1

vulnerability	VCID-879s-a42x-bqhu

vulnerability	VCID-87un-11ea-myhg

vulnerability	VCID-92ug-3eae-tydc

vulnerability	VCID-avxe-yhcq-wudx

vulnerability	VCID-bdkr-87xb-4yf8

vulnerability	VCID-bgxc-8scn-z7e8

vulnerability	VCID-bz4v-p82a-skgk

vulnerability	VCID-c9g9-ufem-9bgr

vulnerability	VCID-caau-2ury-hbbs

vulnerability	VCID-e844-g11f-f7fd

vulnerability	VCID-f998-369d-r3ds

vulnerability	VCID-kxtk-ybzc-eyfj

vulnerability	VCID-m8mt-ya9x-yqaq

vulnerability	VCID-mssq-pkfp-fbhg

vulnerability	VCID-mwem-kfpv-eqf2

vulnerability	VCID-p285-6bu3-vuh5

vulnerability	VCID-pdm2-w3dk-p7gd

vulnerability	VCID-puuy-w6ze-9kc7

vulnerability	VCID-pzsv-7fee-1ugu

vulnerability	VCID-qr4y-643y-dqdz

vulnerability	VCID-qupq-a4jw-bbhh

vulnerability	VCID-qyqw-2gga-m3c6

vulnerability	VCID-raam-5am9-hbef

vulnerability	VCID-rfam-rzrr-abhb

vulnerability	VCID-rgkw-1sqv-d7hx

vulnerability	VCID-rrea-52kb-3qf1

vulnerability	VCID-sam4-h21q-dkej

vulnerability	VCID-stsb-pwen-87g7

vulnerability	VCID-swer-ztd6-nkga

vulnerability	VCID-teft-hqz3-7ubr

vulnerability	VCID-tpt6-ze4u-a7dt

vulnerability	VCID-ujms-hna1-z7e6

vulnerability	VCID-v1t8-y73h-vyee

vulnerability	VCID-vykx-t8yc-tycc

vulnerability	VCID-x7cz-svaj-rkb5

vulnerability	VCID-ynbw-8a6a-sug8

vulnerability	VCID-yytq-tcvz-43dq

vulnerability	VCID-z51d-zdeq-suas

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.50-8sarge2

url pkg:deb/debian/exim4@4.63-17

purl pkg:deb/debian/exim4@4.63-17

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ev3-fe86-93e3

vulnerability	VCID-1kpw-zhj4-jfaz

vulnerability	VCID-1tqm-3s38-fqcn

vulnerability	VCID-2qea-x4nk-zfba

vulnerability	VCID-3z7r-efh2-tyf9

vulnerability	VCID-55h7-dczu-rfhe

vulnerability	VCID-56xq-sgry-2uhd

vulnerability	VCID-5e2k-ure4-wfdf

vulnerability	VCID-5vks-gjgj-euhp

vulnerability	VCID-69es-qatu-uub2

vulnerability	VCID-6dwr-t9kn-2yfn

vulnerability	VCID-7vuu-yzmu-duew

vulnerability	VCID-838e-pk6w-t3by

vulnerability	VCID-85sn-frqr-wqc1

vulnerability	VCID-879s-a42x-bqhu

vulnerability	VCID-87un-11ea-myhg

vulnerability	VCID-92ug-3eae-tydc

vulnerability	VCID-avxe-yhcq-wudx

vulnerability	VCID-bdkr-87xb-4yf8

vulnerability	VCID-bgxc-8scn-z7e8

vulnerability	VCID-bz4v-p82a-skgk

vulnerability	VCID-c9g9-ufem-9bgr

vulnerability	VCID-caau-2ury-hbbs

vulnerability	VCID-e844-g11f-f7fd

vulnerability	VCID-f998-369d-r3ds

vulnerability	VCID-kxtk-ybzc-eyfj

vulnerability	VCID-m8mt-ya9x-yqaq

vulnerability	VCID-mssq-pkfp-fbhg

vulnerability	VCID-mwem-kfpv-eqf2

vulnerability	VCID-p285-6bu3-vuh5

vulnerability	VCID-pdm2-w3dk-p7gd

vulnerability	VCID-puuy-w6ze-9kc7

vulnerability	VCID-pzsv-7fee-1ugu

vulnerability	VCID-qr4y-643y-dqdz

vulnerability	VCID-qupq-a4jw-bbhh

vulnerability	VCID-qyqw-2gga-m3c6

vulnerability	VCID-raam-5am9-hbef

vulnerability	VCID-rfam-rzrr-abhb

vulnerability	VCID-rgkw-1sqv-d7hx

vulnerability	VCID-rrea-52kb-3qf1

vulnerability	VCID-sam4-h21q-dkej

vulnerability	VCID-stsb-pwen-87g7

vulnerability	VCID-swer-ztd6-nkga

vulnerability	VCID-teft-hqz3-7ubr

vulnerability	VCID-tpt6-ze4u-a7dt

vulnerability	VCID-ujms-hna1-z7e6

vulnerability	VCID-v1t8-y73h-vyee

vulnerability	VCID-vykx-t8yc-tycc

vulnerability	VCID-x7cz-svaj-rkb5

vulnerability	VCID-ynbw-8a6a-sug8

vulnerability	VCID-yytq-tcvz-43dq

vulnerability	VCID-z51d-zdeq-suas

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.63-17

url pkg:deb/debian/exim4@4.69-9%2Blenny4

purl pkg:deb/debian/exim4@4.69-9%2Blenny4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ev3-fe86-93e3

vulnerability	VCID-1kpw-zhj4-jfaz

vulnerability	VCID-1tqm-3s38-fqcn

vulnerability	VCID-2qea-x4nk-zfba

vulnerability	VCID-3z7r-efh2-tyf9

vulnerability	VCID-55h7-dczu-rfhe

vulnerability	VCID-56xq-sgry-2uhd

vulnerability	VCID-5e2k-ure4-wfdf

vulnerability	VCID-5vks-gjgj-euhp

vulnerability	VCID-69es-qatu-uub2

vulnerability	VCID-6dwr-t9kn-2yfn

vulnerability	VCID-7vuu-yzmu-duew

vulnerability	VCID-838e-pk6w-t3by

vulnerability	VCID-85sn-frqr-wqc1

vulnerability	VCID-879s-a42x-bqhu

vulnerability	VCID-87un-11ea-myhg

vulnerability	VCID-92ug-3eae-tydc

vulnerability	VCID-avxe-yhcq-wudx

vulnerability	VCID-bdkr-87xb-4yf8

vulnerability	VCID-bgxc-8scn-z7e8

vulnerability	VCID-bz4v-p82a-skgk

vulnerability	VCID-c9g9-ufem-9bgr

vulnerability	VCID-caau-2ury-hbbs

vulnerability	VCID-e844-g11f-f7fd

vulnerability	VCID-f998-369d-r3ds

vulnerability	VCID-kxtk-ybzc-eyfj

vulnerability	VCID-m8mt-ya9x-yqaq

vulnerability	VCID-mssq-pkfp-fbhg

vulnerability	VCID-mwem-kfpv-eqf2

vulnerability	VCID-p285-6bu3-vuh5

vulnerability	VCID-pdm2-w3dk-p7gd

vulnerability	VCID-puuy-w6ze-9kc7

vulnerability	VCID-pzsv-7fee-1ugu

vulnerability	VCID-qr4y-643y-dqdz

vulnerability	VCID-qupq-a4jw-bbhh

vulnerability	VCID-qyqw-2gga-m3c6

vulnerability	VCID-raam-5am9-hbef

vulnerability	VCID-rfam-rzrr-abhb

vulnerability	VCID-rgkw-1sqv-d7hx

vulnerability	VCID-rrea-52kb-3qf1

vulnerability	VCID-sam4-h21q-dkej

vulnerability	VCID-stsb-pwen-87g7

vulnerability	VCID-swer-ztd6-nkga

vulnerability	VCID-teft-hqz3-7ubr

vulnerability	VCID-tpt6-ze4u-a7dt

vulnerability	VCID-ujms-hna1-z7e6

vulnerability	VCID-v1t8-y73h-vyee

vulnerability	VCID-vykx-t8yc-tycc

vulnerability	VCID-x7cz-svaj-rkb5

vulnerability	VCID-ynbw-8a6a-sug8

vulnerability	VCID-yytq-tcvz-43dq

vulnerability	VCID-z51d-zdeq-suas

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.69-9%252Blenny4

url pkg:rpm/redhat/exim@4.43-1.RHEL4.5.el4_8?arch=3

purl pkg:rpm/redhat/exim@4.43-1.RHEL4.5.el4_8?arch=3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-879s-a42x-bqhu

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/exim@4.43-1.RHEL4.5.el4_8%3Farch=3

url pkg:rpm/redhat/exim@4.63-5.el5_6?arch=2

purl pkg:rpm/redhat/exim@4.63-5.el5_6?arch=2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-879s-a42x-bqhu

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/exim@4.63-5.el5_6%3Farch=2

References

reference_url

http://bugs.exim.org/show_bug.cgi?id=1044

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/

url

http://bugs.exim.org/show_bug.cgi?id=1044

reference_url

http://lists.exim.org/lurker/message/20101209.172233.abcba158.en.html

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/

url

http://lists.exim.org/lurker/message/20101209.172233.abcba158.en.html

reference_url

http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/

url

http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/

url

http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html

reference_url

http://openwall.com/lists/oss-security/2010/12/10/1

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/

url

http://openwall.com/lists/oss-security/2010/12/10/1

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-4345.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-4345.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2010-4345

reference_id

reference_type

scores

value	0.04024
scoring_system	epss
scoring_elements	0.88425
published_at	2026-04-01T12:55:00Z

value	0.04024
scoring_system	epss
scoring_elements	0.8844
published_at	2026-04-04T12:55:00Z

value	0.04024
scoring_system	epss
scoring_elements	0.88433
published_at	2026-04-02T12:55:00Z

value	0.05133
scoring_system	epss
scoring_elements	0.89864
published_at	2026-04-08T12:55:00Z

value	0.05133
scoring_system	epss
scoring_elements	0.89847
published_at	2026-04-07T12:55:00Z

value	0.05133
scoring_system	epss
scoring_elements	0.89882
published_at	2026-04-18T12:55:00Z

value	0.05133
scoring_system	epss
scoring_elements	0.89874
published_at	2026-04-12T12:55:00Z

value	0.05133
scoring_system	epss
scoring_elements	0.89881
published_at	2026-04-16T12:55:00Z

value	0.05133
scoring_system	epss
scoring_elements	0.89868
published_at	2026-04-13T12:55:00Z

value	0.05133
scoring_system	epss
scoring_elements	0.89876
published_at	2026-04-11T12:55:00Z

value	0.05133
scoring_system	epss
scoring_elements	0.8987
published_at	2026-04-09T12:55:00Z

value	0.06001
scoring_system	epss
scoring_elements	0.90705
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2010-4345

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4345
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4345

reference_url

http://secunia.com/advisories/42576

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/

url

http://secunia.com/advisories/42576

reference_url

http://secunia.com/advisories/42930

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/

url

http://secunia.com/advisories/42930

reference_url

http://secunia.com/advisories/43128

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/

url

http://secunia.com/advisories/43128

reference_url

http://secunia.com/advisories/43243

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/

url

http://secunia.com/advisories/43243

reference_url	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-4345
reference_id
reference_type
scores
url	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-4345

reference_url

http://www.cpanel.net/2010/12/critical-exim-security-update.html

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/

url

http://www.cpanel.net/2010/12/critical-exim-security-update.html

reference_url

http://www.debian.org/security/2010/dsa-2131

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/

url

http://www.debian.org/security/2010/dsa-2131

reference_url

http://www.debian.org/security/2011/dsa-2154

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/

url

http://www.debian.org/security/2011/dsa-2154

reference_url

http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/

url

http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html

reference_url

http://www.kb.cert.org/vuls/id/758489

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/

url

http://www.kb.cert.org/vuls/id/758489

reference_url

http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/

url

http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format

reference_url

http://www.openwall.com/lists/oss-security/2021/05/04/7

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/

url

http://www.openwall.com/lists/oss-security/2021/05/04/7

reference_url

http://www.redhat.com/support/errata/RHSA-2011-0153.html

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/

url

http://www.redhat.com/support/errata/RHSA-2011-0153.html

reference_url

http://www.securityfocus.com/archive/1/515172/100/0/threaded

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/

url

http://www.securityfocus.com/archive/1/515172/100/0/threaded

reference_url

http://www.securityfocus.com/bid/45341

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/

url

http://www.securityfocus.com/bid/45341

reference_url

http://www.securitytracker.com/id?1024859

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/

url

http://www.securitytracker.com/id?1024859

reference_url

http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/

url

http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/

reference_url

http://www.ubuntu.com/usn/USN-1060-1

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/

url

http://www.ubuntu.com/usn/USN-1060-1

reference_url

http://www.vupen.com/english/advisories/2010/3171

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/

url

http://www.vupen.com/english/advisories/2010/3171

reference_url

http://www.vupen.com/english/advisories/2010/3204

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/

url

http://www.vupen.com/english/advisories/2010/3204

reference_url

http://www.vupen.com/english/advisories/2011/0135

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/

url

http://www.vupen.com/english/advisories/2011/0135

reference_url

http://www.vupen.com/english/advisories/2011/0245

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/

url

http://www.vupen.com/english/advisories/2011/0245

reference_url

http://www.vupen.com/english/advisories/2011/0364

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/

url

http://www.vupen.com/english/advisories/2011/0364

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606527
reference_id	606527
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606527

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=662012

reference_id

662012

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=662012

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim::::::::
reference_id	cpe:2.3:a:exim:exim::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:10.04::::-:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:10.04::::-:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:10.04::::-:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:10.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:10.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:10.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.06:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:6.06:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.06:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:8.04::::-:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:8.04::::-:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:8.04::::-:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:9.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:9.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:9.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:5.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:11.1:::::::*
reference_id	cpe:2.3:o:opensuse:opensuse:11.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:11.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:11.2:::::::*
reference_id	cpe:2.3:o:opensuse:opensuse:11.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:11.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:11.3:::::::*
reference_id	cpe:2.3:o:opensuse:opensuse:11.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:11.3:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2010-4345

reference_id

CVE-2010-4345

reference_type

scores

value	6.9
scoring_system	cvssv2
scoring_elements	AV:L/AC:M/Au:N/C:C/I:C/A:C

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2010-4345

reference_url	https://security.gentoo.org/glsa/201401-32
reference_id	GLSA-201401-32
reference_type
scores
url	https://security.gentoo.org/glsa/201401-32

reference_url	https://access.redhat.com/errata/RHSA-2011:0153
reference_id	RHSA-2011:0153
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2011:0153

reference_url	https://usn.ubuntu.com/1060-1/
reference_id	USN-1060-1
reference_type
scores
url	https://usn.ubuntu.com/1060-1/

Weaknesses

cwe_id	78
name	Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
description	The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

cwe_id	77
name	Improper Neutralization of Special Elements used in a Command ('Command Injection')
description	The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

Exploits

date_added	2010-12-16
description	Exim4 < 4.69 - string_format Function Heap Buffer Overflow (Metasploit)
required_action	`null`
due_date	`null`
notes	`null`
known_ransomware_campaign_use	`true`
source_date_published	2010-12-16
exploit_type	remote
platform	linux
source_date_updated	2011-03-06
data_source	Exploit-DB
source_url

date_added	2022-03-25
description	Exim allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands.
required_action	Apply updates per vendor instructions.
due_date	2022-04-15
notes	https://nvd.nist.gov/vuln/detail/CVE-2010-4345
known_ransomware_campaign_use	`false`
source_date_published	`null`
exploit_type	`null`
platform	`null`
source_date_updated	`null`
data_source	KEV
source_url	`null`

date_added	`null`
description	This module exploits a heap buffer overflow within versions of Exim prior to version 4.69. By sending a specially crafted message, an attacker can corrupt the heap and execute arbitrary code with the privileges of the Exim daemon. The root cause is that no check is made to ensure that the buffer is not full prior to handling '%s' format specifiers within the 'string_vformat' function. In order to trigger this issue, we get our message rejected by sending a message that is too large. This will call into log_write to log rejection headers (which is a default configuration setting). After filling the buffer, a long header string is sent. In a successful attempt, it overwrites the ACL for the 'MAIL FROM' command. By sending a second message, the string we sent will be evaluated with 'expand_string' and arbitrary shell commands can be executed. It is likely that this issue could also be exploited using other techniques such as targeting in-band heap management structures, or perhaps even function pointers stored in the heap. However, these techniques would likely be far more platform specific, more complicated, and less reliable. This bug was original found and reported in December 2008, but was not properly handled as a security issue. Therefore, there was a 2 year lag time between when the issue was fixed and when it was discovered being exploited in the wild. At that point, the issue was assigned a CVE and began being addressed by downstream vendors. An additional vulnerability, CVE-2010-4345, was also used in the attack that led to the discovery of danger of this bug. This bug allows a local user to gain root privileges from the Exim user account. If the Perl interpreter is found on the remote system, this module will automatically exploit the secondary bug as well to get root.
required_action	`null`
due_date	`null`
notes	Reliability: - unknown-reliability Stability: - unknown-stability SideEffects: - unknown-side-effects
known_ransomware_campaign_use	`false`
source_date_published	2010-12-07
exploit_type	`null`
platform	Unix
source_date_updated	`null`
data_source	Metasploit
source_url	https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/unix/smtp/exim4_string_format.rb

Severity_range_score 6.9 - 7.8

Exploitability 2.0

Weighted_severity 7.0

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-879s-a42x-bqhu

Vulnerability Instance