CVE-2010-2024 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	4.4 UNKNOWN	LOCAL	MEDIUM		AV:L/AC:M/Au:N/C:P/I:P/A:P

Base Score

CVSS 3.x

EPSS Score

Percentile: 20%

Affected Products (NVD)

Vendor	Product	Version
exim	exim	𝑥 ≤ 4.71
exim	exim	4.10
exim	exim	4.20
exim	exim	4.21
exim	exim	4.22
exim	exim	4.23
exim	exim	4.24
exim	exim	4.30
exim	exim	4.31
exim	exim	4.32
exim	exim	4.33
exim	exim	4.34
exim	exim	4.40
exim	exim	4.41
exim	exim	4.42
exim	exim	4.43
exim	exim	4.44
exim	exim	4.50
exim	exim	4.51
exim	exim	4.52
exim	exim	4.53
exim	exim	4.54
exim	exim	4.60
exim	exim	4.61
exim	exim	4.62
exim	exim	4.63
exim	exim	4.64
exim	exim	4.65
exim	exim	4.66
exim	exim	4.67
exim	exim	4.68
exim	exim	4.69
exim	exim	4.70

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

exim4

bookworm	4.96-15+deb12u5 fixed
bookworm (security)	4.96-15+deb12u5 fixed
bullseye	4.94.2-7+deb11u3 fixed
bullseye (security)	4.94.2-7+deb11u4 fixed
lenny	no-dsa
sid	4.98-2 fixed
trixie	4.98-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

exim4

dapper	Fixed 4.60-3ubuntu3.3 released
hardy	Fixed 4.69-2ubuntu0.3 released
jaunty	ignored
karmic	Fixed 4.69-11ubuntu4.2 released
lucid	Fixed 4.71-3ubuntu1.1 released
maverick	Fixed 4.72-1ubuntu1 released

Common Weakness Enumeration

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

References

http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0079.html

http://bugs.exim.org/show_bug.cgi?id=989

http://lists.exim.org/lurker/message/20100524.175925.9a69f755.en.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042587.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042613.html

http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html

http://secunia.com/advisories/40019

http://secunia.com/advisories/40123

http://secunia.com/advisories/43243

http://vcs.exim.org/viewvc/exim/exim-doc/doc-txt/ChangeLog?view=markup&pathrev=exim-4_72_RC2

http://vcs.exim.org/viewvc/exim/exim-src/src/transports/appendfile.c?r1=1.25&r2=1.26

http://www.securityfocus.com/archive/1/511653/100/0/threaded

http://www.securityfocus.com/bid/40454

http://www.ubuntu.com/usn/USN-1060-1

http://www.vupen.com/english/advisories/2010/1402

http://www.vupen.com/english/advisories/2011/0364

https://bugzilla.redhat.com/show_bug.cgi?id=600097

https://exchange.xforce.ibmcloud.com/vulnerabilities/59042

http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0079.html

http://bugs.exim.org/show_bug.cgi?id=989

http://lists.exim.org/lurker/message/20100524.175925.9a69f755.en.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042587.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042613.html

http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html

http://secunia.com/advisories/40019

http://secunia.com/advisories/40123

http://secunia.com/advisories/43243

http://vcs.exim.org/viewvc/exim/exim-doc/doc-txt/ChangeLog?view=markup&pathrev=exim-4_72_RC2

http://vcs.exim.org/viewvc/exim/exim-src/src/transports/appendfile.c?r1=1.25&r2=1.26

http://www.securityfocus.com/archive/1/511653/100/0/threaded

http://www.securityfocus.com/bid/40454

http://www.ubuntu.com/usn/USN-1060-1

http://www.vupen.com/english/advisories/2010/1402

http://www.vupen.com/english/advisories/2011/0364

https://bugzilla.redhat.com/show_bug.cgi?id=600097

https://exchange.xforce.ibmcloud.com/vulnerabilities/59042