Exim arbitrary code execution

A vulnerability has been found in the popular email software Exim


Summary:

Today’s exploit of the day affects one of the most popular mail transfer agents, Exim, which has been in active use since its creation in 1995.
A buffer overflow vulnerability has been found in the TLS negotiation code of Exim.
A specially crafted TLS packet could potentially lead to code execution.
Exim is included in the default installation of several operating systems such as Debian and Ubuntu. If you are not using it, we recommend that you disable it using systemctl:

Find it:
root@linux:~# service --status-all | grep exim
 [ + ]  exim4

Disable it (and stop the running service):
root@linux:~# systemctl disable --now exim4

Affected systems

  • Exim instances running a version prior to 4.92.2

The vulnerability has been assigned CVE-2019-15846.
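
A local check for the affected range above, as an added example that is not from the original post: it reads the first line of `exim -bV` and compares the upstream version with 4.92.2. The function names, the sample banners and the `exim`/`exim4` binary names are assumptions; distribution packages may carry a backported fix under an older version number, so confirm an "affected" result against the distribution's advisory.

```shell
#!/bin/sh
# Added example (not from the original post): classify an Exim version
# banner against the fixed release named on this page, 4.92.2.
# Requires a `sort` that supports -V (GNU coreutils, as on Debian/Ubuntu).
FIXED_VERSION="4.92.2"

# Pull the upstream version out of the first line of `exim -bV`,
# e.g. "Exim version 4.92 #3 built ..." -> "4.92".
parse_exim_version() {
    printf '%s\n' "$1" | sed -n '1s/^Exim version \([0-9][0-9.]*\).*/\1/p'
}

# True (exit 0) when version $1 sorts strictly before version $2.
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Print "affected <ver>", "not-affected <ver>" or "unknown" for a banner.
classify_exim_banner() {
    ver=$(parse_exim_version "$1")
    if [ -z "$ver" ]; then
        echo "unknown"
    elif version_lt "$ver" "$FIXED_VERSION"; then
        echo "affected $ver"
    else
        echo "not-affected $ver"
    fi
}

# Constructed sample banners (not captured from real hosts).
for banner in \
    "Exim version 4.92 #3 built 01-Jun-2019 10:00:00" \
    "Exim version 4.92.2 #2 built 06-Sep-2019 10:00:00" \
    "Exim version 4.93 #1 built 01-Jan-2020 10:00:00"; do
    printf '%-55s -> %s\n' "$banner" "$(classify_exim_banner "$banner")"
done

# Check the local install if a binary is present; the names exim and exim4
# are assumptions about how the package installs it.
for bin in exim exim4; do
    if command -v "$bin" >/dev/null 2>&1; then
        echo "local $bin: $(classify_exim_banner "$("$bin" -bV 2>/dev/null)")"
        break
    fi
done
```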

A simple Shodan search for Exim returns 5 million hosts running Exim.
https://www.shodan.io/search?query=exim

External links:
Exim Wikipedia
exim.org
Bugtraq
Openwall email list
Carnegie Mellon University CERT
Rapid7 cPanel


This blog post is part of the exploit of the day series
where we write a shorter description about interesting
exploits that we index.