CVE 2010-4345
Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.
Related bugs and status
CVE-2010-4345 (Candidate) is related to these bugs:
Bug #692848: Regression between 2.6.32-27 and 2.6.32-26 xfsdump SGI_FS_BULKSTAT errno = 22
Bug #697934: Merge exim4 4.73~rc1-1 (main) from Debian experimental (main)
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
697934 | Merge exim4 4.73~rc1-1 (main) from Debian experimental (main) | exim4 (Ubuntu) | Undecided | Fix Released |
Bug #708023: exim 4.74 released fixes CVE-2011-0017
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
708023 | exim 4.74 released fixes CVE-2011-0017 | exim4 (Ubuntu) | Medium | Fix Released | ||
708023 | exim 4.74 released fixes CVE-2011-0017 | exim4 (Ubuntu Hardy) | Medium | Fix Released | ||
708023 | exim 4.74 released fixes CVE-2011-0017 | exim4 (Ubuntu Dapper) | Medium | Fix Released | ||
708023 | exim 4.74 released fixes CVE-2011-0017 | exim4 (Ubuntu Lucid) | Medium | Fix Released | ||
708023 | exim 4.74 released fixes CVE-2011-0017 | exim4 (Ubuntu Natty) | Medium | Fix Released | ||
708023 | exim 4.74 released fixes CVE-2011-0017 | exim4 (Ubuntu Maverick) | Medium | Fix Released | ||
708023 | exim 4.74 released fixes CVE-2011-0017 | exim4 (Ubuntu Karmic) | Medium | Fix Released |
Bug #731199: CVE-2010-4164
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
731199 | CVE-2010-4164 | linux (Ubuntu) | Undecided | Fix Released | ||
731199 | CVE-2010-4164 | linux-fsl-imx51 (Ubuntu) | Undecided | Invalid | ||
731199 | CVE-2010-4164 | linux-mvl-dove (Ubuntu) | Undecided | Invalid | ||
731199 | CVE-2010-4164 | linux-lts-backport-maverick (Ubuntu) | Undecided | Invalid | ||
731199 | CVE-2010-4164 | linux-ti-omap4 (Ubuntu) | Undecided | Invalid | ||
731199 | CVE-2010-4164 | linux (Ubuntu Natty) | Undecided | Fix Released | ||
731199 | CVE-2010-4164 | linux-fsl-imx51 (Ubuntu Natty) | Undecided | Invalid | ||
731199 | CVE-2010-4164 | linux-lts-backport-maverick (Ubuntu Natty) | Undecided | Invalid | ||
731199 | CVE-2010-4164 | linux-mvl-dove (Ubuntu Natty) | Undecided | Invalid | ||
731199 | CVE-2010-4164 | linux-ti-omap4 (Ubuntu Natty) | Undecided | Invalid | ||
731199 | CVE-2010-4164 | linux (Ubuntu Maverick) | Undecided | Fix Released | ||
731199 | CVE-2010-4164 | linux-fsl-imx51 (Ubuntu Maverick) | Undecided | Invalid | ||
731199 | CVE-2010-4164 | linux-lts-backport-maverick (Ubuntu Maverick) | Undecided | Won't Fix | ||
731199 | CVE-2010-4164 | linux-mvl-dove (Ubuntu Maverick) | Undecided | Won't Fix | ||
731199 | CVE-2010-4164 | linux-ti-omap4 (Ubuntu Maverick) | Undecided | Fix Released | ||
731199 | CVE-2010-4164 | linux (Ubuntu Lucid) | Undecided | Fix Released | ||
731199 | CVE-2010-4164 | linux-fsl-imx51 (Ubuntu Lucid) | Undecided | Fix Released | ||
731199 | CVE-2010-4164 | linux-lts-backport-maverick (Ubuntu Lucid) | Undecided | Won't Fix | ||
731199 | CVE-2010-4164 | linux-mvl-dove (Ubuntu Lucid) | Undecided | Fix Released | ||
731199 | CVE-2010-4164 | linux-ti-omap4 (Ubuntu Lucid) | Undecided | Invalid | ||
731199 | CVE-2010-4164 | linux (Ubuntu Karmic) | Medium | Fix Released | ||
731199 | CVE-2010-4164 | linux-fsl-imx51 (Ubuntu Karmic) | Undecided | Won't Fix | ||
731199 | CVE-2010-4164 | linux-lts-backport-maverick (Ubuntu Karmic) | Undecided | Won't Fix | ||
731199 | CVE-2010-4164 | linux-mvl-dove (Ubuntu Karmic) | Undecided | Invalid | ||
731199 | CVE-2010-4164 | linux-ti-omap4 (Ubuntu Karmic) | Undecided | Invalid | ||
731199 | CVE-2010-4164 | linux (Ubuntu Hardy) | Medium | Fix Released | ||
731199 | CVE-2010-4164 | linux-fsl-imx51 (Ubuntu Hardy) | Undecided | Invalid | ||
731199 | CVE-2010-4164 | linux-lts-backport-maverick (Ubuntu Hardy) | Undecided | Won't Fix | ||
731199 | CVE-2010-4164 | linux-mvl-dove (Ubuntu Hardy) | Undecided | Invalid | ||
731199 | CVE-2010-4164 | linux-ti-omap4 (Ubuntu Hardy) | Undecided | Invalid | ||
731199 | CVE-2010-4164 | linux (Ubuntu Dapper) | Medium | Won't Fix | ||
731199 | CVE-2010-4164 | linux-fsl-imx51 (Ubuntu Dapper) | Undecided | Invalid | ||
731199 | CVE-2010-4164 | linux-lts-backport-maverick (Ubuntu Dapper) | Undecided | Won't Fix | ||
731199 | CVE-2010-4164 | linux-mvl-dove (Ubuntu Dapper) | Undecided | Invalid | ||
731199 | CVE-2010-4164 | linux-ti-omap4 (Ubuntu Dapper) | Undecided | Invalid |
Bug #731971: CVE-2010-4346
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
731971 | CVE-2010-4346 | linux (Ubuntu) | Undecided | Invalid | ||
731971 | CVE-2010-4346 | linux-fsl-imx51 (Ubuntu) | Undecided | Invalid | ||
731971 | CVE-2010-4346 | linux-mvl-dove (Ubuntu) | Undecided | Invalid | ||
731971 | CVE-2010-4346 | linux-lts-backport-maverick (Ubuntu) | Undecided | Invalid | ||
731971 | CVE-2010-4346 | linux-ti-omap4 (Ubuntu) | Undecided | Invalid | ||
731971 | CVE-2010-4346 | linux (Ubuntu Natty) | Undecided | Invalid | ||
731971 | CVE-2010-4346 | linux-fsl-imx51 (Ubuntu Natty) | Undecided | Invalid | ||
731971 | CVE-2010-4346 | linux-lts-backport-maverick (Ubuntu Natty) | Undecided | Invalid | ||
731971 | CVE-2010-4346 | linux-mvl-dove (Ubuntu Natty) | Undecided | Invalid | ||
731971 | CVE-2010-4346 | linux-ti-omap4 (Ubuntu Natty) | Undecided | Invalid | ||
731971 | CVE-2010-4346 | linux (Ubuntu Maverick) | Undecided | Fix Released | ||
731971 | CVE-2010-4346 | linux-fsl-imx51 (Ubuntu Maverick) | Undecided | Invalid | ||
731971 | CVE-2010-4346 | linux-lts-backport-maverick (Ubuntu Maverick) | Undecided | Won't Fix | ||
731971 | CVE-2010-4346 | linux-mvl-dove (Ubuntu Maverick) | Undecided | Won't Fix | ||
731971 | CVE-2010-4346 | linux-ti-omap4 (Ubuntu Maverick) | Undecided | Fix Released | ||
731971 | CVE-2010-4346 | linux (Ubuntu Lucid) | Low | Fix Released | ||
731971 | CVE-2010-4346 | linux-fsl-imx51 (Ubuntu Lucid) | Undecided | Fix Released | ||
731971 | CVE-2010-4346 | linux-lts-backport-maverick (Ubuntu Lucid) | Undecided | Won't Fix | ||
731971 | CVE-2010-4346 | linux-mvl-dove (Ubuntu Lucid) | Undecided | Won't Fix | ||
731971 | CVE-2010-4346 | linux-ti-omap4 (Ubuntu Lucid) | Undecided | Invalid | ||
731971 | CVE-2010-4346 | linux (Ubuntu Karmic) | Low | Fix Released | ||
731971 | CVE-2010-4346 | linux-fsl-imx51 (Ubuntu Karmic) | Undecided | Won't Fix | ||
731971 | CVE-2010-4346 | linux-lts-backport-maverick (Ubuntu Karmic) | Undecided | Won't Fix | ||
731971 | CVE-2010-4346 | linux-mvl-dove (Ubuntu Karmic) | Undecided | Invalid | ||
731971 | CVE-2010-4346 | linux-ti-omap4 (Ubuntu Karmic) | Undecided | Invalid | ||
731971 | CVE-2010-4346 | linux (Ubuntu Hardy) | Low | Fix Released | ||
731971 | CVE-2010-4346 | linux-fsl-imx51 (Ubuntu Hardy) | Undecided | Invalid | ||
731971 | CVE-2010-4346 | linux-lts-backport-maverick (Ubuntu Hardy) | Undecided | Won't Fix | ||
731971 | CVE-2010-4346 | linux-mvl-dove (Ubuntu Hardy) | Undecided | Invalid | ||
731971 | CVE-2010-4346 | linux-ti-omap4 (Ubuntu Hardy) | Undecided | Invalid | ||
731971 | CVE-2010-4346 | linux (Ubuntu Dapper) | Undecided | Invalid | ||
731971 | CVE-2010-4346 | linux-fsl-imx51 (Ubuntu Dapper) | Undecided | Invalid | ||
731971 | CVE-2010-4346 | linux-lts-backport-maverick (Ubuntu Dapper) | Undecided | Won't Fix | ||
731971 | CVE-2010-4346 | linux-mvl-dove (Ubuntu Dapper) | Undecided | Invalid | ||
731971 | CVE-2010-4346 | linux-ti-omap4 (Ubuntu Dapper) | Undecided | Invalid |
Bug #737663: linux: 2.6.31-23.75 -proposed tracker
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
737663 | linux: 2.6.31-23.75 -proposed tracker | linux (Ubuntu) | Medium | Invalid | ||
737663 | linux: 2.6.31-23.75 -proposed tracker | linux (Ubuntu Karmic) | Undecided | Fix Released | ||
737663 | linux: 2.6.31-23.75 -proposed tracker | linux-ec2 (Ubuntu) | Undecided | Invalid | ||
737663 | linux: 2.6.31-23.75 -proposed tracker | linux-ec2 (Ubuntu Karmic) | Undecided | Fix Released |
Bug #737761: linux-ec2: 2.6.31-308.29 -proposed tracker
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
737761 | linux-ec2: 2.6.31-308.29 -proposed tracker | linux-ec2 (Ubuntu) | Medium | Invalid | ||
737761 | linux-ec2: 2.6.31-308.29 -proposed tracker | linux-ec2 (Ubuntu Karmic) | Undecided | Won't Fix |
See the
CVE page on Mitre.org
for more details.