Exim vulnerability opens 400,000 servers to remote code execution

If you’re using the Exim mail transfer agent on your Internet-connected Unix-like systems and you haven’t yet upgraded to version 4.90.1, now is the time to do it as all previous versions contain a vulnerability that can be exploited to achieve remote code execution.

The buffer overflow vulnerability in the base64 decode function of Exim (CVE-2018-6789) was discovered and reported by Meh Chang of the DEVCORE research team in early February 2018, and a patch was released five days later. “Generally, this bug is harmless because the memory overwritten is usually unused. However, this byte overwrites some critical data when the string fits some specific length,” the DEVCORE team explained in an advisory. “In addition, this byte is controllable, which makes exploitation more feasible. Base64 decoding is such a fundamental function and therefore this bug can be triggered easily, causing remote code execution.”

A March 2017 report showed that approximately 56% of the mail servers visible on the Internet ran Exim.

Read more about the Exim vulnerability due to which at least 400k servers are currently at risk on Help Net Security.

Track the strategic threats to your business with the Threat Brief, delivered to your email daily.

Subscribe Here