FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

exim -- local privilege escalation

Affected packages
exim < 4.73

Details

VuXML ID e4fcf020-0447-11e0-becc-0022156e8794
Discovery 2010-12-10
Entry 2011-01-08

David Woodhouse reports:

Secondly a privilege escalation where the trusted 'exim' user is able to tell Exim to use arbitrary config files, in which further ${run ...} commands will be invoked as root.

References

CVE Name CVE-2010-4345
URL http://www.exim.org/lurker/message/20101209.022730.dbb6732d.en.html
URL https://bugzilla.redhat.com/show_bug.cgi?id=661756#c3