Privilege Escalation via Arbitrary Command Execution in Exim 4.72 and Earlier

Privilege Escalation via Arbitrary Command Execution in Exim 4.72 and Earlier

CVE-2010-4345 · MEDIUM Severity

AV:L/AC:M/AU:N/C:C/I:C/A:C

Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.

Learn more about our User Device Pen Test.