CVE-2010-4345
- EPSS 17.79%
- Veröffentlicht 14.12.2010 16:00:04
- Zuletzt bearbeitet 16.06.2026 23:24:36
Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory direct...
CVE-2010-4344
- EPSS 71.9%
- Veröffentlicht 14.12.2010 16:00:04
- Zuletzt bearbeitet 16.06.2026 23:24:36
Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted hea...
CVE-2010-2023
- EPSS 0.28%
- Veröffentlicht 07.06.2010 17:12:48
- Zuletzt bearbeitet 16.06.2026 23:19:50
transports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the st_nlink field of mailbox files, which allows local users to cause a denial of service or possibly gain privileges by creating a...
CVE-2010-2024
- EPSS 0.28%
- Veröffentlicht 07.06.2010 17:12:48
- Zuletzt bearbeitet 16.06.2026 23:19:50
transports/appendfile.c in Exim before 4.72, when MBX locking is enabled, allows local users to change permissions of arbitrary files or create arbitrary files, and cause a denial of service or possibly gain privileges, via a symlink attack on a lock...