3 months ago

Exim Internet Mailer Found Vulnerable to RCE as well as DoS Bugs; Patch today


A security researcher has discovered as well as publicly disclosed two critical vulnerabilities inside the favorite Internet mail message transfer agent Exim, one of which could allow a remote attacker to execute malicious code on the targeted server.

Exim is actually an open source mail transfer agent (MTA) developed for Unix-like operating systems such as Linux, Mac OSX or Solaris, which is actually responsible for routing, delivering as well as receiving email messages.

The first vulnerability, identified as CVE-2017-16943, is actually a use-after-free bug which could be exploited to remotely execute arbitrary code inside the SMTP server by crafting a sequence of BDAT commands.

“To trigger This kind of bug, BDAT command is actually necessary to perform an allocation by raising an error,” the researcher said. “Through our research, we confirm that will This kind of vulnerability can be exploited to remote code execution if the binary is actually not compiled with PIE.”

The researcher (mehqq_) has also published a Proof-of-Concept (PoC) exploit code written in python that will could allow anyone to gain code execution on vulnerable Exim servers.

The second vulnerability, identified as CVE-2017-16944, is actually a denial of service (DoS) flaw that will could allow a remote attacker to hang Exim servers even the connection is actually closed by forcing This kind of to run in an infinite loop without crashing.

The flaw exists due to improper checking for a ‘.’ character to signify the end of an email when parsing the BDAT data header.

“The receive_msg function in receive.c inside the SMTP daemon in Exim 4.88 as well as 4.89 allows remote attackers to cause a denial of service (infinite loop as well as stack exhaustion) via vectors involving BDAT commands as well as an improper check for a ‘.’ character signifying the end of the content, related to the bdat_getc function,” the vulnerability description reads.

The researcher has also included a proof-of-concept (PoC) exploit due to This kind of vulnerability as well, producing Exim server run out of stack as well as crash.

Both vulnerabilities reside in Exim edition 4.88 as well as 4.89, as well as sysadmins are recommended to update their mail transfer agent application Exim edition 4.90 released on GitHub.

Article Categories:
Security Hacks

Leave a Comment

Your email address will not be published. Required fields are marked *

twelve − 9 =