
Exim developers fixed a new critical vulnerability

The Exim developers have released version 4.92.3, fixing a new critical vulnerability. In its currently known form it crashes the receiving process (a denial of service), but the maintainers consider remote code execution possible.

The bug affects every release from 4.92 up to and including 4.92.2, the latest version before the fix.

The vulnerability is tracked as CVE-2019-16928 and was reported by QAX-A-TEAM.

The root cause is a heap-based buffer overflow in string_vformat (string.c), reached when Exim formats an extremely long argument supplied with the Extended HELO (EHLO) command of ESMTP (Extended Simple Mail Transfer Protocol).

“There is a heap-based buffer overflow in string_vformat (string.c). The currently known exploit uses an extraordinary long EHLO string to crash the Exim process that is receiving the message. While at this mode of operation Exim already dropped its privileges, other paths to reach the vulnerable code may exist and remote code execution seems to be possible,” Exim’s security team said.

In practice this means that anyone who can connect to the SMTP port can send an oversized EHLO and crash the receiving Exim process remotely, without authentication. Researchers warn that other routes to the vulnerable code may allow code execution as well. Note that by the time EHLO is processed Exim has already dropped its root privileges, so code execution along the known path would not run as root; the concern is that the same formatting routine may be reachable from other, more privileged contexts.

Although no attacks exploiting this vulnerability have been detected so far, a PoC exploit is already publicly available.

This is not the first serious Exim problem in recent months. Last summer a bug, CVE-2019-10149, was found in Exim that allowed attackers to run commands as root on remote mail servers.

Soon afterwards another critical vulnerability, CVE-2019-15846, was found, which also allowed arbitrary code execution with root privileges. According to a mail server survey published by E-Soft Inc, Exim is currently the most used MX server, installed on more than 57% out of a total of 1,740,809 mail servers reachable on the Internet, representing just over 507,000 Exim servers.

What matters is that hundreds of thousands, if not millions, of servers are currently exposed to denial of service (and possibly remote code execution) via CVE-2019-16928 and to remote command execution via CVE-2019-15846 unless they are patched urgently.
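A first triage step for a fleet is to read the version Exim announces in its SMTP greeting and compare it against the affected ranges: 4.92 to 4.92.2 for CVE-2019-16928 (from this article), everything up to and including 4.92.1 for CVE-2019-15846 (fixed in 4.92.2), and 4.87 to 4.91 for CVE-2019-10149, the latter two ranges taken from their respective Exim advisories rather than this page. The following Python is an added example, not code from the article or the Exim project; it assumes the default Exim banner format (`220 host ESMTP Exim <version> <date>`), and the banners it parses are constructed.

```python
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]

# Default Exim greeting: "220 <hostname> ESMTP Exim 4.92.2 <date>".
# Operators can change smtp_banner, so a non-match is "unknown", not "safe".
_BANNER_RE = re.compile(r"^220[ -].*?\bESMTP Exim (?P<ver>\d+(?:\.\d+){1,2})\b")

# (CVE, first affected version, last affected version), both inclusive.
# Ranges for the two older CVEs come from the Exim advisories, not this article.
ADVISORIES: List[Tuple[str, Version, Version]] = [
    ("CVE-2019-16928", (4, 92, 0), (4, 92, 2)),  # this article: 4.92 .. 4.92.2
    ("CVE-2019-15846", (0, 0, 0), (4, 92, 1)),   # fixed in 4.92.2
    ("CVE-2019-10149", (4, 87, 0), (4, 91, 0)),  # 4.87 .. 4.91
]


def parse_exim_version(banner: str) -> Optional[Version]:
    """Extract the Exim version from a 220 greeting as a (major, minor, patch) tuple."""
    m = _BANNER_RE.match(banner.strip())
    if not m:
        return None
    parts = [int(p) for p in m.group("ver").split(".")]
    while len(parts) < 3:          # "4.92" is the same release as "4.92.0"
        parts.append(0)
    return (parts[0], parts[1], parts[2])


def affected_cves(version: Version) -> List[str]:
    """CVEs whose inclusive affected range contains the given version."""
    return [cve for cve, lo, hi in ADVISORIES if lo <= version <= hi]


def triage(banner: str) -> Dict[str, object]:
    """Summarise one host's exposure from its greeting alone."""
    version = parse_exim_version(banner)
    if version is None:
        return {"version": None, "cves": [], "note": "no Exim version in banner; check manually"}
    cves = affected_cves(version)
    return {"version": ".".join(map(str, version)), "cves": cves,
            "note": "upgrade to 4.92.3 or later" if cves else "not in a known-affected range"}


# Constructed greetings for three hosts.
SAMPLE_BANNERS = {
    "mx1": "220 mx1.example.test ESMTP Exim 4.92.2 Wed, 02 Oct 2019 10:00:00 +0000",
    "mx2": "220 mx2.example.test ESMTP Exim 4.91 Wed, 02 Oct 2019 10:00:00 +0000",
    "mx3": "220 mx3.example.test ESMTP Postfix",
}

if __name__ == "__main__":
    for host, banner in SAMPLE_BANNERS.items():
        print(host, triage(banner))
```

Two caveats a practitioner should keep in mind. Distribution packages frequently backport the fix while keeping the upstream version string (a patched Debian build may still greet as "Exim 4.92"), so a banner match is a reason to check the package changelog, not proof of exposure. Conversely, a greeting with no version in it, whether because smtp_banner was customised or because a different MTA answers, tells you nothing and must be checked by other means.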

Polina Lisovskaya

I have worked as a marketing manager for years now and love searching for interesting topics for you.
