CVE-2010-2024 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	4.4 UNKNOWN	LOCAL	MEDIUM		AV:L/AC:M/Au:N/C:P/I:P/A:P
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 17%

Vendor	Product	Version
exim	exim	𝑥 ≤ 4.71
exim	exim	4.10
exim	exim	4.20
exim	exim	4.21
exim	exim	4.22
exim	exim	4.23
exim	exim	4.24
exim	exim	4.30
exim	exim	4.31
exim	exim	4.32
exim	exim	4.33
exim	exim	4.34
exim	exim	4.40
exim	exim	4.41
exim	exim	4.42
exim	exim	4.43
exim	exim	4.44
exim	exim	4.50
exim	exim	4.51
exim	exim	4.52
exim	exim	4.53
exim	exim	4.54
exim	exim	4.60
exim	exim	4.61
exim	exim	4.62
exim	exim	4.63
exim	exim	4.64
exim	exim	4.65
exim	exim	4.66
exim	exim	4.67
exim	exim	4.68
exim	exim	4.69
exim	exim	4.70

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

exim4

bullseye	4.94.2-7+deb11u3 fixed
lenny	no-dsa
bullseye (security)	4.94.2-7+deb11u4 fixed
bookworm	4.96-15+deb12u5 fixed
bookworm (security)	4.96-15+deb12u5 fixed
sid	4.98-2 fixed
trixie	4.98-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

exim4

maverick	Fixed 4.72-1ubuntu1 released
lucid	Fixed 4.71-3ubuntu1.1 released
karmic	Fixed 4.69-11ubuntu4.2 released
jaunty	ignored
hardy	Fixed 4.69-2ubuntu0.3 released
dapper	Fixed 4.60-3ubuntu3.3 released

Common Weakness Enumeration

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

References

http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0079.html

http://bugs.exim.org/show_bug.cgi?id=989

http://lists.exim.org/lurker/message/20100524.175925.9a69f755.en.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042587.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042613.html

http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html

http://secunia.com/advisories/40019

http://secunia.com/advisories/40123

http://secunia.com/advisories/43243

http://vcs.exim.org/viewvc/exim/exim-doc/doc-txt/ChangeLog?view=markup&pathrev=exim-4_72_RC2

http://vcs.exim.org/viewvc/exim/exim-src/src/transports/appendfile.c?r1=1.25&r2=1.26

http://www.securityfocus.com/archive/1/511653/100/0/threaded

http://www.securityfocus.com/bid/40454

http://www.ubuntu.com/usn/USN-1060-1

http://www.vupen.com/english/advisories/2010/1402

http://www.vupen.com/english/advisories/2011/0364

https://bugzilla.redhat.com/show_bug.cgi?id=600097

https://exchange.xforce.ibmcloud.com/vulnerabilities/59042

http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0079.html

http://bugs.exim.org/show_bug.cgi?id=989

http://lists.exim.org/lurker/message/20100524.175925.9a69f755.en.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042587.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042613.html

http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html

http://secunia.com/advisories/40019

http://secunia.com/advisories/40123

http://secunia.com/advisories/43243

http://vcs.exim.org/viewvc/exim/exim-doc/doc-txt/ChangeLog?view=markup&pathrev=exim-4_72_RC2

http://vcs.exim.org/viewvc/exim/exim-src/src/transports/appendfile.c?r1=1.25&r2=1.26

http://www.securityfocus.com/archive/1/511653/100/0/threaded

http://www.securityfocus.com/bid/40454

http://www.ubuntu.com/usn/USN-1060-1

http://www.vupen.com/english/advisories/2010/1402

http://www.vupen.com/english/advisories/2011/0364

https://bugzilla.redhat.com/show_bug.cgi?id=600097

https://exchange.xforce.ibmcloud.com/vulnerabilities/59042