CVE 2010-4345
Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.
Related bugs and status
CVE-2010-4345 (Candidate) is related to these bugs:
Bug #692848: Regression between 2.6.32-27 and 2.6.32-26 xfsdump SGI_FS_BULKSTAT errno = 22
Bug #697934: Merge exim4 4.73~rc1-1 (main) from Debian experimental (main)
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 697934 | Merge exim4 4.73~rc1-1 (main) from Debian experimental (main) | exim4 (Ubuntu) | Undecided | Fix Released | ||
Bug #708023: exim 4.74 released fixes CVE-2011-0017
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 708023 | exim 4.74 released fixes CVE-2011-0017 | exim4 (Ubuntu) | Medium | Fix Released | ||
| 708023 | exim 4.74 released fixes CVE-2011-0017 | exim4 (Ubuntu Hardy) | Medium | Fix Released | ||
| 708023 | exim 4.74 released fixes CVE-2011-0017 | exim4 (Ubuntu Dapper) | Medium | Fix Released | ||
| 708023 | exim 4.74 released fixes CVE-2011-0017 | exim4 (Ubuntu Lucid) | Medium | Fix Released | ||
| 708023 | exim 4.74 released fixes CVE-2011-0017 | exim4 (Ubuntu Natty) | Medium | Fix Released | ||
| 708023 | exim 4.74 released fixes CVE-2011-0017 | exim4 (Ubuntu Maverick) | Medium | Fix Released | ||
| 708023 | exim 4.74 released fixes CVE-2011-0017 | exim4 (Ubuntu Karmic) | Medium | Fix Released | ||
Bug #731199: CVE-2010-4164
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 731199 | CVE-2010-4164 | linux (Ubuntu) | Undecided | Fix Released | ||
| 731199 | CVE-2010-4164 | linux-fsl-imx51 (Ubuntu) | Undecided | Invalid | ||
| 731199 | CVE-2010-4164 | linux-mvl-dove (Ubuntu) | Undecided | Invalid | ||
| 731199 | CVE-2010-4164 | linux-lts-backport-maverick (Ubuntu) | Undecided | Invalid | ||
| 731199 | CVE-2010-4164 | linux-ti-omap4 (Ubuntu) | Undecided | Invalid | ||
| 731199 | CVE-2010-4164 | linux (Ubuntu Natty) | Undecided | Fix Released | ||
| 731199 | CVE-2010-4164 | linux-fsl-imx51 (Ubuntu Natty) | Undecided | Invalid | ||
| 731199 | CVE-2010-4164 | linux-lts-backport-maverick (Ubuntu Natty) | Undecided | Invalid | ||
| 731199 | CVE-2010-4164 | linux-mvl-dove (Ubuntu Natty) | Undecided | Invalid | ||
| 731199 | CVE-2010-4164 | linux-ti-omap4 (Ubuntu Natty) | Undecided | Invalid | ||
| 731199 | CVE-2010-4164 | linux (Ubuntu Maverick) | Undecided | Fix Released | ||
| 731199 | CVE-2010-4164 | linux-fsl-imx51 (Ubuntu Maverick) | Undecided | Invalid | ||
| 731199 | CVE-2010-4164 | linux-lts-backport-maverick (Ubuntu Maverick) | Undecided | Won't Fix | ||
| 731199 | CVE-2010-4164 | linux-mvl-dove (Ubuntu Maverick) | Undecided | Won't Fix | ||
| 731199 | CVE-2010-4164 | linux-ti-omap4 (Ubuntu Maverick) | Undecided | Fix Released | ||
| 731199 | CVE-2010-4164 | linux (Ubuntu Lucid) | Undecided | Fix Released | ||
| 731199 | CVE-2010-4164 | linux-fsl-imx51 (Ubuntu Lucid) | Undecided | Fix Released | ||
| 731199 | CVE-2010-4164 | linux-lts-backport-maverick (Ubuntu Lucid) | Undecided | Won't Fix | ||
| 731199 | CVE-2010-4164 | linux-mvl-dove (Ubuntu Lucid) | Undecided | Fix Released | ||
| 731199 | CVE-2010-4164 | linux-ti-omap4 (Ubuntu Lucid) | Undecided | Invalid | ||
| 731199 | CVE-2010-4164 | linux (Ubuntu Karmic) | Medium | Fix Released | ||
| 731199 | CVE-2010-4164 | linux-fsl-imx51 (Ubuntu Karmic) | Undecided | Won't Fix | ||
| 731199 | CVE-2010-4164 | linux-lts-backport-maverick (Ubuntu Karmic) | Undecided | Won't Fix | ||
| 731199 | CVE-2010-4164 | linux-mvl-dove (Ubuntu Karmic) | Undecided | Invalid | ||
| 731199 | CVE-2010-4164 | linux-ti-omap4 (Ubuntu Karmic) | Undecided | Invalid | ||
| 731199 | CVE-2010-4164 | linux (Ubuntu Hardy) | Medium | Fix Released | ||
| 731199 | CVE-2010-4164 | linux-fsl-imx51 (Ubuntu Hardy) | Undecided | Invalid | ||
| 731199 | CVE-2010-4164 | linux-lts-backport-maverick (Ubuntu Hardy) | Undecided | Won't Fix | ||
| 731199 | CVE-2010-4164 | linux-mvl-dove (Ubuntu Hardy) | Undecided | Invalid | ||
| 731199 | CVE-2010-4164 | linux-ti-omap4 (Ubuntu Hardy) | Undecided | Invalid | ||
| 731199 | CVE-2010-4164 | linux (Ubuntu Dapper) | Medium | Won't Fix | ||
| 731199 | CVE-2010-4164 | linux-fsl-imx51 (Ubuntu Dapper) | Undecided | Invalid | ||
| 731199 | CVE-2010-4164 | linux-lts-backport-maverick (Ubuntu Dapper) | Undecided | Won't Fix | ||
| 731199 | CVE-2010-4164 | linux-mvl-dove (Ubuntu Dapper) | Undecided | Invalid | ||
| 731199 | CVE-2010-4164 | linux-ti-omap4 (Ubuntu Dapper) | Undecided | Invalid | ||
Bug #731971: CVE-2010-4346
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 731971 | CVE-2010-4346 | linux (Ubuntu) | Undecided | Invalid | ||
| 731971 | CVE-2010-4346 | linux-fsl-imx51 (Ubuntu) | Undecided | Invalid | ||
| 731971 | CVE-2010-4346 | linux-mvl-dove (Ubuntu) | Undecided | Invalid | ||
| 731971 | CVE-2010-4346 | linux-lts-backport-maverick (Ubuntu) | Undecided | Invalid | ||
| 731971 | CVE-2010-4346 | linux-ti-omap4 (Ubuntu) | Undecided | Invalid | ||
| 731971 | CVE-2010-4346 | linux (Ubuntu Natty) | Undecided | Invalid | ||
| 731971 | CVE-2010-4346 | linux-fsl-imx51 (Ubuntu Natty) | Undecided | Invalid | ||
| 731971 | CVE-2010-4346 | linux-lts-backport-maverick (Ubuntu Natty) | Undecided | Invalid | ||
| 731971 | CVE-2010-4346 | linux-mvl-dove (Ubuntu Natty) | Undecided | Invalid | ||
| 731971 | CVE-2010-4346 | linux-ti-omap4 (Ubuntu Natty) | Undecided | Invalid | ||
| 731971 | CVE-2010-4346 | linux (Ubuntu Maverick) | Undecided | Fix Released | ||
| 731971 | CVE-2010-4346 | linux-fsl-imx51 (Ubuntu Maverick) | Undecided | Invalid | ||
| 731971 | CVE-2010-4346 | linux-lts-backport-maverick (Ubuntu Maverick) | Undecided | Won't Fix | ||
| 731971 | CVE-2010-4346 | linux-mvl-dove (Ubuntu Maverick) | Undecided | Won't Fix | ||
| 731971 | CVE-2010-4346 | linux-ti-omap4 (Ubuntu Maverick) | Undecided | Fix Released | ||
| 731971 | CVE-2010-4346 | linux (Ubuntu Lucid) | Low | Fix Released | ||
| 731971 | CVE-2010-4346 | linux-fsl-imx51 (Ubuntu Lucid) | Undecided | Fix Released | ||
| 731971 | CVE-2010-4346 | linux-lts-backport-maverick (Ubuntu Lucid) | Undecided | Won't Fix | ||
| 731971 | CVE-2010-4346 | linux-mvl-dove (Ubuntu Lucid) | Undecided | Won't Fix | ||
| 731971 | CVE-2010-4346 | linux-ti-omap4 (Ubuntu Lucid) | Undecided | Invalid | ||
| 731971 | CVE-2010-4346 | linux (Ubuntu Karmic) | Low | Fix Released | ||
| 731971 | CVE-2010-4346 | linux-fsl-imx51 (Ubuntu Karmic) | Undecided | Won't Fix | ||
| 731971 | CVE-2010-4346 | linux-lts-backport-maverick (Ubuntu Karmic) | Undecided | Won't Fix | ||
| 731971 | CVE-2010-4346 | linux-mvl-dove (Ubuntu Karmic) | Undecided | Invalid | ||
| 731971 | CVE-2010-4346 | linux-ti-omap4 (Ubuntu Karmic) | Undecided | Invalid | ||
| 731971 | CVE-2010-4346 | linux (Ubuntu Hardy) | Low | Fix Released | ||
| 731971 | CVE-2010-4346 | linux-fsl-imx51 (Ubuntu Hardy) | Undecided | Invalid | ||
| 731971 | CVE-2010-4346 | linux-lts-backport-maverick (Ubuntu Hardy) | Undecided | Won't Fix | ||
| 731971 | CVE-2010-4346 | linux-mvl-dove (Ubuntu Hardy) | Undecided | Invalid | ||
| 731971 | CVE-2010-4346 | linux-ti-omap4 (Ubuntu Hardy) | Undecided | Invalid | ||
| 731971 | CVE-2010-4346 | linux (Ubuntu Dapper) | Undecided | Invalid | ||
| 731971 | CVE-2010-4346 | linux-fsl-imx51 (Ubuntu Dapper) | Undecided | Invalid | ||
| 731971 | CVE-2010-4346 | linux-lts-backport-maverick (Ubuntu Dapper) | Undecided | Won't Fix | ||
| 731971 | CVE-2010-4346 | linux-mvl-dove (Ubuntu Dapper) | Undecided | Invalid | ||
| 731971 | CVE-2010-4346 | linux-ti-omap4 (Ubuntu Dapper) | Undecided | Invalid | ||
Bug #737663: linux: 2.6.31-23.75 -proposed tracker
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 737663 | linux: 2.6.31-23.75 -proposed tracker | linux (Ubuntu) | Medium | Invalid | ||
| 737663 | linux: 2.6.31-23.75 -proposed tracker | linux (Ubuntu Karmic) | Undecided | Fix Released | ||
| 737663 | linux: 2.6.31-23.75 -proposed tracker | linux-ec2 (Ubuntu) | Undecided | Invalid | ||
| 737663 | linux: 2.6.31-23.75 -proposed tracker | linux-ec2 (Ubuntu Karmic) | Undecided | Fix Released | ||
Bug #737761: linux-ec2: 2.6.31-308.29 -proposed tracker
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 737761 | linux-ec2: 2.6.31-308.29 -proposed tracker | linux-ec2 (Ubuntu) | Medium | Invalid | ||
| 737761 | linux-ec2: 2.6.31-308.29 -proposed tracker | linux-ec2 (Ubuntu Karmic) | Undecided | Won't Fix | ||
See the 
CVE page on Mitre.org
for more details.
