The Exim Mail Server Trilogy


Exim is the most used MX server with more than 57% installations on mail servers reachable on the Internet. Exim has released an urgent security update today. The vendor had released an early security warning to install the updates immediately after release.

The vulnerability is tracked as CVE-2019-16928 and classified as heap-based buffer overflow (CWE-122). The flaw exists in ‘string_vformat’ in file string.c‘. This vulnerability allows attackers to potentially execute arbitrary code or crash the application. The bug is essentially a simple coding error where the length of the EHLO string was not taken into consideration and was corrected with a one line fix handling the length of string sent to the buffer.

fig. fixed patch for vulnerability

A Proof of Concept has been published by Jeremy Harris of Exim Development Team. While this exploit uses a specially crafted EHLO string to only crash the Exim process, there could be other commands used to execute arbitrary code. An unauthenticated remote attacker can cause denial of service by sending an extended EHLO string with large amounts of data.

A month ago, Exim mail server was patched for a critical remote code execution vulnerability (CVE-2019-15846) which allowed a remote unauthenticated attacker to execute programs with root privileges. In July, Exim was patched for another critical remote command execution vulnerability (CVE-2019-10149) which was actively exploited in the wild. Get detailed information about these vulnerabilities in our blogs on CVE-2019-15846 and CVE-2019-10149. We request system administrators to install the latest updates for Exim Mail Server as soon as possible.


Affected Products:
Exim Mail Server versions 4.92 through 4.92.2.


Impact:
An attacker can execute arbitrary code or cause denial of service.


Solution:
Please refer to this KB Article to apply the patches using SanerNow.


 

Subscribe For More Posts Like This

Get the latest research, best practices, industry trends and cybersecurity blogs from SecPod security experts

Invalid email address
We promise not to spam you. You can unsubscribe at any time.
0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments