製品・ソフトウェアに関する情報

JVN脆弱性詳細

Exim における権限昇格の脆弱性

Title	Exim における権限昇格の脆弱性
Summary	Exim には、設定ファイルの処理に起因する権限昇格の脆弱性が存在します。 Exim は、Cambridge 大学で開発された Unix システム向けのメール転送エージェントです。 Exim を設定オプション ALT_CONFIG_ROOT_ONLY を指定しないでビルドすると、ユーザは任意の設定ファイルを使用することが可能になります。結果として、指定された設定ファイル内に存在する ${run…} はすべて root 権限で実行されます。なお、本脆弱性を使用した攻撃活動が確認されています。
Possible impacts	Exim を実行できる一般ユーザによって、root 権限で任意のコードを実行される可能性があります。
Solution	2010年12月14日現在、対策方法はありません。 [ワークアラウンドを実施する] 対策版が公開されるまでの間、以下の回避策を適用することで本脆弱性の影響を軽減することが可能です。・設定オプション ALT_CONFIG_ROOT_ONLY を指定してビルドする
Publication Date	Dec. 14, 2010, midnight
Registration Date	Jan. 19, 2011, 3:41 p.m.
Last Update	Jan. 19, 2011, 3:41 p.m.

CVSS2.0 : 警告
Score	6.9
Vector	AV:L/AC:M/Au:N/C:C/I:C/A:C

Affected System

レッドハット

Red Hat Enterprise Linux 4 (as)

Red Hat Enterprise Linux 4 (es)

Red Hat Enterprise Linux 4 (ws)

Red Hat Enterprise Linux 4.8 (as)

Red Hat Enterprise Linux 4.8 (es)

Red Hat Enterprise Linux 5 (server)

Red Hat Enterprise Linux Desktop 4.0

Red Hat Enterprise Linux Desktop 5.0 (client)

Exim Development

Exim

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2010-4345	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4345
National Vulnerability Database (NVD)
2	CVE-2010-4345	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4345

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-264	https://jvndb.jvn.jp/ja/cwe/CWE-264.html

ベンダー情報

No	Name	URL
Exim
1	1044	http://bugs.exim.org/show_bug.cgi?id=1044
2	ChangeLog-4.73	http://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.73
3	Exim security issue in historical release	http://lists.exim.org/lurker/message/20101213.140800.7c3bae4b.en.html
4	Remote root vulnerability in Exim	http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html
Red Hat Security Advisory
5	RHSA-2011:0153	https://rhn.redhat.com/errata/RHSA-2011-0153.html

その他

No	Name	URL
JVN
1	JVNVU#758489	http://jvn.jp/cert/JVNVU758489
SecurityFocus
2	45341	http://www.securityfocus.com/bid/45341
SecurityTracker
3	1024859	http://www.securitytracker.com/id?1024859
US-CERT Vulnerability Note
4	VU#758489	http://www.kb.cert.org/vuls/id/758489
VUPEN Security
5	VUPEN/ADV-2010-3171	http://www.vupen.com/english/advisories/2010/3171

Change Log

No	Changed Details	Date of change
0	[2011年01月19日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2010-4345

Summary	Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.
Publication Date	Dec. 15, 2010, 1 a.m.
Registration Date	Jan. 29, 2021, 11:08 a.m.
Last Update	Nov. 21, 2024, 10:20 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:exim:exim::::::::			4.72

Configuration2	or higher	or less	more than	less than
cpe:2.3:o:opensuse:opensuse:11.1:::::::*
cpe:2.3:o:opensuse:opensuse:11.2:::::::*
cpe:2.3:o:opensuse:opensuse:11.3:::::::*

Configuration3		or higher	or less	more than	less than
cpe:2.3:o:debian:debian_linux:5.0:::::::*

Configuration4	or higher	or less	more than	less than
cpe:2.3:o:canonical:ubuntu_linux:10.10:::::::*
cpe:2.3:o:canonical:ubuntu_linux:9.10:::::::*
cpe:2.3:o:canonical:ubuntu_linux:8.04::::-:::
cpe:2.3:o:canonical:ubuntu_linux:10.04::::-:::
cpe:2.3:o:canonical:ubuntu_linux:6.06:::::::*

Related information, measures and tools

No	URL	タグ
1	http://bugs.exim.org/show_bug.cgi?id=1044	Issue Tracking Patch
2	http://bugs.exim.org/show_bug.cgi?id=1044	Issue Tracking Patch
3	http://lists.exim.org/lurker/message/20101209.172233.abcba158.en.html	Mailing List Patch
4	http://lists.exim.org/lurker/message/20101209.172233.abcba158.en.html	Mailing List Patch
5	http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html	Mailing List
6	http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html	Mailing List
7	http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html	Mailing List Third Party Advisory
8	http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html	Mailing List Third Party Advisory
9	http://openwall.com/lists/oss-security/2010/12/10/1	Mailing List
10	http://openwall.com/lists/oss-security/2010/12/10/1	Mailing List
11	http://secunia.com/advisories/42576	Broken Link Vendor Advisory
12	http://secunia.com/advisories/42576	Broken Link Vendor Advisory
13	http://secunia.com/advisories/42930	Broken Link
14	http://secunia.com/advisories/42930	Broken Link
15	http://secunia.com/advisories/43128	Broken Link
16	http://secunia.com/advisories/43128	Broken Link
17	http://secunia.com/advisories/43243	Broken Link
18	http://secunia.com/advisories/43243	Broken Link
19	http://www.cpanel.net/2010/12/critical-exim-security-update.html	Broken Link
20	http://www.cpanel.net/2010/12/critical-exim-security-update.html	Broken Link
21	http://www.debian.org/security/2010/dsa-2131	Mailing List Third Party Advisory
22	http://www.debian.org/security/2010/dsa-2131	Mailing List Third Party Advisory
23	http://www.debian.org/security/2011/dsa-2154	Mailing List Third Party Advisory
24	http://www.debian.org/security/2011/dsa-2154	Mailing List Third Party Advisory
25	http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html	Mailing List Vendor Advisory
26	http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html	Mailing List Vendor Advisory
27	http://www.kb.cert.org/vuls/id/758489	Third Party Advisory US Government Resource
28	http://www.kb.cert.org/vuls/id/758489	Third Party Advisory US Government Resource
29	http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format	Third Party Advisory
30	http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format	Third Party Advisory
31	http://www.openwall.com/lists/oss-security/2021/05/04/7	Mailing List
32	http://www.openwall.com/lists/oss-security/2021/05/04/7	Mailing List
33	http://www.redhat.com/support/errata/RHSA-2011-0153.html	Broken Link
34	http://www.redhat.com/support/errata/RHSA-2011-0153.html	Broken Link
35	http://www.securityfocus.com/archive/1/515172/100/0/threaded	Broken Link Third Party Advisory VDB Entry
36	http://www.securityfocus.com/archive/1/515172/100/0/threaded	Broken Link Third Party Advisory VDB Entry
37	http://www.securityfocus.com/bid/45341	Broken Link Third Party Advisory VDB Entry
38	http://www.securityfocus.com/bid/45341	Broken Link Third Party Advisory VDB Entry
39	http://www.securitytracker.com/id?1024859	Broken Link Third Party Advisory VDB Entry
40	http://www.securitytracker.com/id?1024859	Broken Link Third Party Advisory VDB Entry
41	http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/	Press/Media Coverage Third Party Advisory
42	http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/	Press/Media Coverage Third Party Advisory
43	http://www.ubuntu.com/usn/USN-1060-1	Third Party Advisory
44	http://www.ubuntu.com/usn/USN-1060-1	Third Party Advisory
45	http://www.vupen.com/english/advisories/2010/3171	Broken Link Vendor Advisory
46	http://www.vupen.com/english/advisories/2010/3171	Broken Link Vendor Advisory
47	http://www.vupen.com/english/advisories/2010/3204	Broken Link Vendor Advisory
48	http://www.vupen.com/english/advisories/2010/3204	Broken Link Vendor Advisory
49	http://www.vupen.com/english/advisories/2011/0135	Broken Link
50	http://www.vupen.com/english/advisories/2011/0135	Broken Link
51	http://www.vupen.com/english/advisories/2011/0245	Broken Link
52	http://www.vupen.com/english/advisories/2011/0245	Broken Link
53	http://www.vupen.com/english/advisories/2011/0364	Broken Link
54	http://www.vupen.com/english/advisories/2011/0364	Broken Link
55	https://bugzilla.redhat.com/show_bug.cgi?id=662012	Issue Tracking Patch
56	https://bugzilla.redhat.com/show_bug.cgi?id=662012	Issue Tracking Patch

Common Vulnerabilities List