Search for vulnerabilities
Vulnerability details: VCID-e8v7-qcjy-aaas
Vulnerability ID VCID-e8v7-qcjy-aaas
Aliases CVE-2010-4345
Summary Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.
Status Published
Exploitability 2.0
Weighted Severity 7.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-264 Permissions, Privileges, and Access Controls
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
System Score Found at
cvssv3.1 7.8 http://bugs.exim.org/show_bug.cgi?id=1044
cvssv3.1 7.8 http://bugs.exim.org/show_bug.cgi?id=1044
ssvc Attend http://bugs.exim.org/show_bug.cgi?id=1044
ssvc Attend http://bugs.exim.org/show_bug.cgi?id=1044
cvssv3.1 7.8 http://lists.exim.org/lurker/message/20101209.172233.abcba158.en.html
cvssv3.1 7.8 http://lists.exim.org/lurker/message/20101209.172233.abcba158.en.html
ssvc Attend http://lists.exim.org/lurker/message/20101209.172233.abcba158.en.html
ssvc Attend http://lists.exim.org/lurker/message/20101209.172233.abcba158.en.html
cvssv3.1 7.8 http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html
cvssv3.1 7.8 http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html
ssvc Attend http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html
ssvc Attend http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html
cvssv3.1 7.8 http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html
cvssv3.1 7.8 http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html
ssvc Attend http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html
ssvc Attend http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html
cvssv3.1 7.8 http://openwall.com/lists/oss-security/2010/12/10/1
cvssv3.1 7.8 http://openwall.com/lists/oss-security/2010/12/10/1
ssvc Attend http://openwall.com/lists/oss-security/2010/12/10/1
ssvc Attend http://openwall.com/lists/oss-security/2010/12/10/1
rhas Moderate https://access.redhat.com/errata/RHSA-2011:0153
epss 0.01123 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
epss 0.01123 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
epss 0.01123 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
epss 0.01123 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
epss 0.01123 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
epss 0.01123 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
epss 0.01123 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
epss 0.01123 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
epss 0.01123 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
epss 0.01123 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
epss 0.01123 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
epss 0.03256 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
epss 0.03256 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
epss 0.03256 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
epss 0.03256 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
epss 0.08425 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
epss 0.09353 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
epss 0.09353 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
epss 0.11209 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
epss 0.11209 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
epss 0.11209 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
epss 0.11209 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
epss 0.11209 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
epss 0.11209 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
epss 0.11209 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
epss 0.11209 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
epss 0.11209 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
epss 0.11209 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
epss 0.11209 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
epss 0.11209 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
epss 0.11209 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
epss 0.11209 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
epss 0.11209 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
epss 0.11209 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
epss 0.11209 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
epss 0.11209 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
epss 0.11209 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
epss 0.11209 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
epss 0.11209 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
epss 0.11209 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
epss 0.11491 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
epss 0.11704 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
epss 0.11704 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
epss 0.11704 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
epss 0.11704 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
epss 0.11704 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
epss 0.11704 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
epss 0.11704 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
epss 0.11704 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
epss 0.11704 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
epss 0.11704 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
epss 0.11704 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
epss 0.11704 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
epss 0.11704 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
epss 0.11704 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
epss 0.11704 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
epss 0.11704 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
epss 0.11704 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
epss 0.11704 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
epss 0.11704 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
epss 0.11704 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
epss 0.11704 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
epss 0.11704 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
epss 0.11704 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
epss 0.11704 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
epss 0.11704 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
epss 0.11704 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
epss 0.11704 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
epss 0.11704 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
epss 0.11704 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
epss 0.11704 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
epss 0.11704 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
epss 0.11704 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
epss 0.11704 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
epss 0.11704 https://api.first.org/data/v1/epss?cve=CVE-2010-4345
cvssv3.1 7.8 https://bugzilla.redhat.com/show_bug.cgi?id=662012
cvssv3.1 7.8 https://bugzilla.redhat.com/show_bug.cgi?id=662012
ssvc Attend https://bugzilla.redhat.com/show_bug.cgi?id=662012
ssvc Attend https://bugzilla.redhat.com/show_bug.cgi?id=662012
cvssv3.1 7.8 http://secunia.com/advisories/42576
cvssv3.1 7.8 http://secunia.com/advisories/42576
ssvc Attend http://secunia.com/advisories/42576
ssvc Attend http://secunia.com/advisories/42576
cvssv3.1 7.8 http://secunia.com/advisories/42930
cvssv3.1 7.8 http://secunia.com/advisories/42930
ssvc Attend http://secunia.com/advisories/42930
ssvc Attend http://secunia.com/advisories/42930
cvssv3.1 7.8 http://secunia.com/advisories/43128
cvssv3.1 7.8 http://secunia.com/advisories/43128
ssvc Attend http://secunia.com/advisories/43128
ssvc Attend http://secunia.com/advisories/43128
cvssv3.1 7.8 http://secunia.com/advisories/43243
cvssv3.1 7.8 http://secunia.com/advisories/43243
ssvc Attend http://secunia.com/advisories/43243
ssvc Attend http://secunia.com/advisories/43243
cvssv2 6.9 https://nvd.nist.gov/vuln/detail/CVE-2010-4345
cvssv3 7.8 https://nvd.nist.gov/vuln/detail/CVE-2010-4345
cvssv3.1 7.8 https://nvd.nist.gov/vuln/detail/CVE-2010-4345
cvssv3.1 7.8 http://www.cpanel.net/2010/12/critical-exim-security-update.html
cvssv3.1 7.8 http://www.cpanel.net/2010/12/critical-exim-security-update.html
ssvc Attend http://www.cpanel.net/2010/12/critical-exim-security-update.html
ssvc Attend http://www.cpanel.net/2010/12/critical-exim-security-update.html
cvssv3.1 7.8 http://www.debian.org/security/2010/dsa-2131
cvssv3.1 7.8 http://www.debian.org/security/2010/dsa-2131
ssvc Attend http://www.debian.org/security/2010/dsa-2131
ssvc Attend http://www.debian.org/security/2010/dsa-2131
cvssv3.1 7.8 http://www.debian.org/security/2011/dsa-2154
cvssv3.1 7.8 http://www.debian.org/security/2011/dsa-2154
ssvc Attend http://www.debian.org/security/2011/dsa-2154
ssvc Attend http://www.debian.org/security/2011/dsa-2154
cvssv3.1 7.8 http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html
cvssv3.1 7.8 http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html
ssvc Attend http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html
ssvc Attend http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html
cvssv3.1 7.8 http://www.kb.cert.org/vuls/id/758489
cvssv3.1 7.8 http://www.kb.cert.org/vuls/id/758489
ssvc Attend http://www.kb.cert.org/vuls/id/758489
ssvc Attend http://www.kb.cert.org/vuls/id/758489
cvssv3.1 7.8 http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format
cvssv3.1 7.8 http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format
ssvc Attend http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format
ssvc Attend http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format
cvssv3.1 7.8 http://www.openwall.com/lists/oss-security/2021/05/04/7
cvssv3.1 7.8 http://www.openwall.com/lists/oss-security/2021/05/04/7
ssvc Attend http://www.openwall.com/lists/oss-security/2021/05/04/7
ssvc Attend http://www.openwall.com/lists/oss-security/2021/05/04/7
cvssv3.1 7.8 http://www.redhat.com/support/errata/RHSA-2011-0153.html
cvssv3.1 7.8 http://www.redhat.com/support/errata/RHSA-2011-0153.html
ssvc Attend http://www.redhat.com/support/errata/RHSA-2011-0153.html
ssvc Attend http://www.redhat.com/support/errata/RHSA-2011-0153.html
cvssv3.1 7.8 http://www.securityfocus.com/archive/1/515172/100/0/threaded
cvssv3.1 7.8 http://www.securityfocus.com/archive/1/515172/100/0/threaded
ssvc Attend http://www.securityfocus.com/archive/1/515172/100/0/threaded
ssvc Attend http://www.securityfocus.com/archive/1/515172/100/0/threaded
cvssv3.1 7.8 http://www.securityfocus.com/bid/45341
cvssv3.1 7.8 http://www.securityfocus.com/bid/45341
ssvc Attend http://www.securityfocus.com/bid/45341
ssvc Attend http://www.securityfocus.com/bid/45341
cvssv3.1 7.8 http://www.securitytracker.com/id?1024859
cvssv3.1 7.8 http://www.securitytracker.com/id?1024859
ssvc Attend http://www.securitytracker.com/id?1024859
ssvc Attend http://www.securitytracker.com/id?1024859
cvssv3.1 7.8 http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/
cvssv3.1 7.8 http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/
ssvc Attend http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/
ssvc Attend http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/
cvssv3.1 7.8 http://www.ubuntu.com/usn/USN-1060-1
cvssv3.1 7.8 http://www.ubuntu.com/usn/USN-1060-1
ssvc Attend http://www.ubuntu.com/usn/USN-1060-1
ssvc Attend http://www.ubuntu.com/usn/USN-1060-1
cvssv3.1 7.8 http://www.vupen.com/english/advisories/2010/3171
cvssv3.1 7.8 http://www.vupen.com/english/advisories/2010/3171
ssvc Attend http://www.vupen.com/english/advisories/2010/3171
ssvc Attend http://www.vupen.com/english/advisories/2010/3171
cvssv3.1 7.8 http://www.vupen.com/english/advisories/2010/3204
cvssv3.1 7.8 http://www.vupen.com/english/advisories/2010/3204
ssvc Attend http://www.vupen.com/english/advisories/2010/3204
ssvc Attend http://www.vupen.com/english/advisories/2010/3204
cvssv3.1 7.8 http://www.vupen.com/english/advisories/2011/0135
cvssv3.1 7.8 http://www.vupen.com/english/advisories/2011/0135
ssvc Attend http://www.vupen.com/english/advisories/2011/0135
ssvc Attend http://www.vupen.com/english/advisories/2011/0135
cvssv3.1 7.8 http://www.vupen.com/english/advisories/2011/0245
cvssv3.1 7.8 http://www.vupen.com/english/advisories/2011/0245
ssvc Attend http://www.vupen.com/english/advisories/2011/0245
ssvc Attend http://www.vupen.com/english/advisories/2011/0245
cvssv3.1 7.8 http://www.vupen.com/english/advisories/2011/0364
cvssv3.1 7.8 http://www.vupen.com/english/advisories/2011/0364
ssvc Attend http://www.vupen.com/english/advisories/2011/0364
ssvc Attend http://www.vupen.com/english/advisories/2011/0364
Reference id Reference type URL
http://bugs.exim.org/show_bug.cgi?id=1044
http://lists.exim.org/lurker/message/20101209.172233.abcba158.en.html
http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html
http://openwall.com/lists/oss-security/2010/12/10/1
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-4345.json
https://api.first.org/data/v1/epss?cve=CVE-2010-4345
https://bugzilla.redhat.com/show_bug.cgi?id=662012
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4345
http://secunia.com/advisories/42576
http://secunia.com/advisories/42930
http://secunia.com/advisories/43128
http://secunia.com/advisories/43243
http://www.cpanel.net/2010/12/critical-exim-security-update.html
http://www.debian.org/security/2010/dsa-2131
http://www.debian.org/security/2011/dsa-2154
http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html
http://www.kb.cert.org/vuls/id/758489
http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format
http://www.openwall.com/lists/oss-security/2021/05/04/7
http://www.redhat.com/support/errata/RHSA-2011-0153.html
http://www.securityfocus.com/archive/1/515172/100/0/threaded
http://www.securityfocus.com/bid/45341
http://www.securitytracker.com/id?1024859
http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/
http://www.ubuntu.com/usn/USN-1060-1
http://www.vupen.com/english/advisories/2010/3171
http://www.vupen.com/english/advisories/2010/3204
http://www.vupen.com/english/advisories/2011/0135
http://www.vupen.com/english/advisories/2011/0245
http://www.vupen.com/english/advisories/2011/0364
606527 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606527
cpe:2.3:a:exim:exim:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:*:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:2.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:2.10:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:2.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:2.11:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:2.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:2.12:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:3.00:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:3.00:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:3.01:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:3.01:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:3.02:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:3.02:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:3.03:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:3.03:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:3.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:3.10:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:3.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:3.11:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:3.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:3.12:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:3.13:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:3.13:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:3.14:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:3.14:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:3.15:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:3.15:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:3.16:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:3.16:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:3.20:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:3.20:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:3.21:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:3.21:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:3.22:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:3.22:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:3.30:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:3.30:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:3.31:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:3.31:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:3.32:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:3.32:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:3.33:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:3.33:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:3.34:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:3.34:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:3.35:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:3.35:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:3.36:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:3.36:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.00:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.00:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.01:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.01:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.02:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.02:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.03:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.03:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.04:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.04:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.05:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.05:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.10:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.11:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.12:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.14:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.14:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.20:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.20:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.21:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.21:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.22:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.22:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.23:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.23:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.24:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.24:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.30:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.30:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.31:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.31:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.32:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.32:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.33:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.33:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.34:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.34:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.40:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.40:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.41:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.41:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.42:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.42:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.43:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.43:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.44:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.44:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.50:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.50:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.51:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.51:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.52:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.52:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.53:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.53:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.54:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.54:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.60:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.60:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.61:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.61:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.62:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.62:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.63:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.63:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.64:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.64:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.65:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.65:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.66:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.66:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.67:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.67:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.68:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.68:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.69:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.69:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.70:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.70:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.71:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.71:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*
CVE-2010-4345 https://nvd.nist.gov/vuln/detail/CVE-2010-4345
GLSA-201401-32 https://security.gentoo.org/glsa/201401-32
RHSA-2011:0153 https://access.redhat.com/errata/RHSA-2011:0153
USN-1060-1 https://usn.ubuntu.com/1060-1/
Data source Exploit-DB
Date added Dec. 16, 2010
Description Exim4 < 4.69 - string_format Function Heap Buffer Overflow (Metasploit)
Ransomware campaign use Known
Source publication date Dec. 16, 2010
Exploit type remote
Platform linux
Source update date March 6, 2011
Data source Metasploit
Description This module exploits a heap buffer overflow within versions of Exim prior to version 4.69. By sending a specially crafted message, an attacker can corrupt the heap and execute arbitrary code with the privileges of the Exim daemon. The root cause is that no check is made to ensure that the buffer is not full prior to handling '%s' format specifiers within the 'string_vformat' function. In order to trigger this issue, we get our message rejected by sending a message that is too large. This will call into log_write to log rejection headers (which is a default configuration setting). After filling the buffer, a long header string is sent. In a successful attempt, it overwrites the ACL for the 'MAIL FROM' command. By sending a second message, the string we sent will be evaluated with 'expand_string' and arbitrary shell commands can be executed. It is likely that this issue could also be exploited using other techniques such as targeting in-band heap management structures, or perhaps even function pointers stored in the heap. However, these techniques would likely be far more platform specific, more complicated, and less reliable. This bug was original found and reported in December 2008, but was not properly handled as a security issue. Therefore, there was a 2 year lag time between when the issue was fixed and when it was discovered being exploited in the wild. At that point, the issue was assigned a CVE and began being addressed by downstream vendors. An additional vulnerability, CVE-2010-4345, was also used in the attack that led to the discovery of danger of this bug. This bug allows a local user to gain root privileges from the Exim user account. If the Perl interpreter is found on the remote system, this module will automatically exploit the secondary bug as well to get root.
Note 
{}
Ransomware campaign use Unknown
Source publication date Dec. 7, 2010
Platform Unix
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/unix/smtp/exim4_string_format.rb
Data source KEV
Date added March 25, 2022
Description Exim allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands.
Required action Apply updates per vendor instructions.
Due date April 15, 2022
Note 
https://nvd.nist.gov/vuln/detail/CVE-2010-4345
Ransomware campaign use Unknown
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://bugs.exim.org/show_bug.cgi?id=1044
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://bugs.exim.org/show_bug.cgi?id=1044
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/ Found at http://bugs.exim.org/show_bug.cgi?id=1044
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/ Found at http://bugs.exim.org/show_bug.cgi?id=1044
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://lists.exim.org/lurker/message/20101209.172233.abcba158.en.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://lists.exim.org/lurker/message/20101209.172233.abcba158.en.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/ Found at http://lists.exim.org/lurker/message/20101209.172233.abcba158.en.html
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/ Found at http://lists.exim.org/lurker/message/20101209.172233.abcba158.en.html
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/ Found at http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/ Found at http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://openwall.com/lists/oss-security/2010/12/10/1
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://openwall.com/lists/oss-security/2010/12/10/1
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/ Found at http://openwall.com/lists/oss-security/2010/12/10/1
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/ Found at http://openwall.com/lists/oss-security/2010/12/10/1
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://bugzilla.redhat.com/show_bug.cgi?id=662012
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://bugzilla.redhat.com/show_bug.cgi?id=662012
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=662012
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=662012
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://secunia.com/advisories/42576
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://secunia.com/advisories/42576
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/ Found at http://secunia.com/advisories/42576
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/ Found at http://secunia.com/advisories/42576
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://secunia.com/advisories/42930
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://secunia.com/advisories/42930
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/ Found at http://secunia.com/advisories/42930
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/ Found at http://secunia.com/advisories/42930
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://secunia.com/advisories/43128
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://secunia.com/advisories/43128
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/ Found at http://secunia.com/advisories/43128
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/ Found at http://secunia.com/advisories/43128
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://secunia.com/advisories/43243
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://secunia.com/advisories/43243
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/ Found at http://secunia.com/advisories/43243
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/ Found at http://secunia.com/advisories/43243
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2010-4345
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2010-4345
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2010-4345
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://www.cpanel.net/2010/12/critical-exim-security-update.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://www.cpanel.net/2010/12/critical-exim-security-update.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/ Found at http://www.cpanel.net/2010/12/critical-exim-security-update.html
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/ Found at http://www.cpanel.net/2010/12/critical-exim-security-update.html
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://www.debian.org/security/2010/dsa-2131
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://www.debian.org/security/2010/dsa-2131
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/ Found at http://www.debian.org/security/2010/dsa-2131
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/ Found at http://www.debian.org/security/2010/dsa-2131
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://www.debian.org/security/2011/dsa-2154
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://www.debian.org/security/2011/dsa-2154
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/ Found at http://www.debian.org/security/2011/dsa-2154
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/ Found at http://www.debian.org/security/2011/dsa-2154
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/ Found at http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/ Found at http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://www.kb.cert.org/vuls/id/758489
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://www.kb.cert.org/vuls/id/758489
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/ Found at http://www.kb.cert.org/vuls/id/758489
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/ Found at http://www.kb.cert.org/vuls/id/758489
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/ Found at http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/ Found at http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2021/05/04/7
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2021/05/04/7
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/ Found at http://www.openwall.com/lists/oss-security/2021/05/04/7
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/ Found at http://www.openwall.com/lists/oss-security/2021/05/04/7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://www.redhat.com/support/errata/RHSA-2011-0153.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://www.redhat.com/support/errata/RHSA-2011-0153.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/ Found at http://www.redhat.com/support/errata/RHSA-2011-0153.html
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/ Found at http://www.redhat.com/support/errata/RHSA-2011-0153.html
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://www.securityfocus.com/archive/1/515172/100/0/threaded
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://www.securityfocus.com/archive/1/515172/100/0/threaded
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/ Found at http://www.securityfocus.com/archive/1/515172/100/0/threaded
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/ Found at http://www.securityfocus.com/archive/1/515172/100/0/threaded
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://www.securityfocus.com/bid/45341
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://www.securityfocus.com/bid/45341
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/ Found at http://www.securityfocus.com/bid/45341
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/ Found at http://www.securityfocus.com/bid/45341
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://www.securitytracker.com/id?1024859
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://www.securitytracker.com/id?1024859
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/ Found at http://www.securitytracker.com/id?1024859
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/ Found at http://www.securitytracker.com/id?1024859
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/ Found at http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/ Found at http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://www.ubuntu.com/usn/USN-1060-1
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://www.ubuntu.com/usn/USN-1060-1
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/ Found at http://www.ubuntu.com/usn/USN-1060-1
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/ Found at http://www.ubuntu.com/usn/USN-1060-1
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://www.vupen.com/english/advisories/2010/3171
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://www.vupen.com/english/advisories/2010/3171
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/ Found at http://www.vupen.com/english/advisories/2010/3171
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/ Found at http://www.vupen.com/english/advisories/2010/3171
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://www.vupen.com/english/advisories/2010/3204
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://www.vupen.com/english/advisories/2010/3204
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/ Found at http://www.vupen.com/english/advisories/2010/3204
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/ Found at http://www.vupen.com/english/advisories/2010/3204
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://www.vupen.com/english/advisories/2011/0135
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://www.vupen.com/english/advisories/2011/0135
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/ Found at http://www.vupen.com/english/advisories/2011/0135
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/ Found at http://www.vupen.com/english/advisories/2011/0135
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://www.vupen.com/english/advisories/2011/0245
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://www.vupen.com/english/advisories/2011/0245
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/ Found at http://www.vupen.com/english/advisories/2011/0245
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/ Found at http://www.vupen.com/english/advisories/2011/0245
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://www.vupen.com/english/advisories/2011/0364
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://www.vupen.com/english/advisories/2011/0364
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/ Found at http://www.vupen.com/english/advisories/2011/0364
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/ Found at http://www.vupen.com/english/advisories/2011/0364
Exploit Prediction Scoring System (EPSS)
Percentile 0.85062
EPSS Score 0.01123
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.