Exim developers fixed a new critical vulnerability

The developers have updated Exim to version 4.92.3, fixing a new critical DoS vulnerability that, in theory, also allows an attacker to execute malicious code on the target server.

The problem affects all versions of the mail server from 4.92 up to and including the previous latest release, 4.92.2.

The vulnerability is tracked as CVE-2019-16928 and was discovered by QAX-A-TEAM.

The problem is a heap buffer overflow in string_vformat (string.c) that occurs when Exim processes an extremely long string in the Extended HELO (EHLO) command of the Extended Simple Mail Transfer Protocol (ESMTP).
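Two defender-side checks follow from the facts above: whether a given Exim build falls inside the affected range the article names, and whether an SMTP session contains an EHLO argument far beyond what RFC 5321 permits (255 octets for the domain, 512 octets for the whole command line), which is the shape of input the vulnerable string_vformat() path mishandles. The script below is an added example, not code from Exim or from the article; the version bounds come from the article, the length limits from RFC 5321, and the SMTP session it scans is constructed for illustration.

```python
"""Defender-side helpers for CVE-2019-16928 (heap overflow via oversized EHLO).

Added illustration, not code from Exim or from the article.  Two pieces:
  * exim_version_affected(): maps an Exim version string onto the range the
    article gives (4.92 up to and including 4.92.2; fixed in 4.92.3).
  * flag_oversized_greetings(): scans SMTP session lines and flags EHLO/HELO
    commands whose argument exceeds the RFC 5321 length limits.  Such lines
    are protocol violations worth logging at a mail proxy or IDS regardless of
    the Exim version behind them.
"""
import re
from typing import List, Tuple

AFFECTED_MIN = (4, 92, 0)   # first vulnerable release, per the article
AFFECTED_MAX = (4, 92, 2)   # last vulnerable release, per the article
FIXED = (4, 92, 3)          # first fixed release, per the article

RFC5321_DOMAIN_MAX = 255    # RFC 5321 section 4.5.3.1.2 (domain name)
RFC5321_LINE_MAX = 512      # RFC 5321 section 4.5.3.1.4 (command line incl. CRLF)


def parse_version(text: str) -> Tuple[int, int, int]:
    """Turn '4.92.2', '4.92' or 'Exim version 4.92.1 #3' into a 3-tuple."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    major, minor, patch = m.group(1), m.group(2), m.group(3) or "0"
    return (int(major), int(minor), int(patch))


def exim_version_affected(text: str) -> bool:
    """True when the version falls inside the range the advisory names."""
    v = parse_version(text)
    return AFFECTED_MIN <= v <= AFFECTED_MAX


def flag_oversized_greetings(session_lines: List[str]) -> List[Tuple[int, str, int]]:
    """Return (line_no, command, argument_length) for EHLO/HELO lines whose
    argument or total line length exceeds the RFC 5321 limits.  Input is one
    SMTP command per element, as a proxy or IDS capture would supply it."""
    hits = []
    for n, raw in enumerate(session_lines, start=1):
        line = raw.rstrip("\r\n")
        m = re.match(r"^(EHLO|HELO)\s+(.*)$", line, re.IGNORECASE)
        if not m:
            continue
        cmd, arg = m.group(1).upper(), m.group(2)
        # +2 accounts for the CRLF that RFC 5321 counts in the 512-octet limit
        if len(arg) > RFC5321_DOMAIN_MAX or len(line) + 2 > RFC5321_LINE_MAX:
            hits.append((n, cmd, len(arg)))
    return hits


# Constructed sample session: a normal greeting, then a greeting whose
# argument is far beyond any legitimate hostname length.
SAMPLE_SESSION = [
    "EHLO mail.example.net\r\n",
    "MAIL FROM:<alice@example.net>\r\n",
    "RSET\r\n",
    "EHLO " + "a" * 4000 + "\r\n",
    "QUIT\r\n",
]

if __name__ == "__main__":
    for ver in ("4.91", "4.92", "4.92.2", "4.92.3"):
        state = "AFFECTED" if exim_version_affected(ver) else "not affected"
        print(f"Exim {ver}: {state}")
    for line_no, cmd, length in flag_oversized_greetings(SAMPLE_SESSION):
        print(f"line {line_no}: {cmd} argument of {length} octets exceeds RFC 5321 limits")
```

The length check deliberately uses the protocol limits rather than a threshold tuned to this one bug, so the same rule keeps flagging malformed greetings after the host is patched; the version check answers only the question the advisory answers and treats releases before 4.92 as outside the stated range.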

“There is a heap-based buffer overflow in string_vformat (string.c). The currently known exploit uses an extraordinarily long EHLO string to crash the Exim process that is receiving the message. While at this mode of operation Exim already dropped its privileges, other paths to reach the vulnerable code may exist and remote code execution seems to be possible”, Exim’s security team said.

In practice, this means an attacker can place malicious data in the EHLO command and thereby remotely provoke a fault in the server. This can lead to either denial of service or code execution, researchers warn.

Although no attacks exploiting this vulnerability have been detected yet, a PoC exploit has already been published openly.

Recall that this is not the first serious problem in Exim in recent times. For example, last summer a bug, CVE-2019-10149, was found in Exim that allowed attackers to run commands as root on remote mail servers.

Soon afterwards another critical vulnerability, CVE-2019-15846, was found, which also allowed the execution of arbitrary code with root privileges. According to a mail server survey published by E-Soft Inc, Exim is currently the most used MX server, installed on more than 57% of a total of 1,740,809 mail servers reachable on the Internet, representing just over 507,000 Exim servers.

Crucially, hundreds of thousands, if not millions, of servers are currently exposed to denial-of-service (and possibly remote code execution) and remote command execution attacks unless urgently patched against CVE-2019-16928 and CVE-2019-15846.

Polina Lisovskaya

I have worked as a marketing manager for years now and love searching for interesting topics for you
