Exim Suffers Another ‘Critical’ Remote Code Execution Fault


Recall the critical remote code execution vulnerability in Exim’s email server, CVE-2019-15846, from mid-September?

Just two weeks later, the software’s maintainers have released an advisory for a potentially troublesome bug tracked as CVE-2019-16928, which has been given the same critical score.

The flaw is described as affecting all versions of Exim from 4.92 to 4.92.2 inclusive:

A heap-based buffer overflow in string_vformat (string.c). The currently known exploit uses an exceptionally long EHLO string to crash the Exim process that is receiving the message.

The “currently known exploit” refers to a proof of concept produced by QAX A-Team, which reported the flaw.

At the very least this could crash the software in a denial of service; more worryingly, it could also lead to remote code execution.

The flaw is not yet being targeted in the wild, but there is a danger that this is only a matter of time, since it appears comparatively simple to exploit.

It’s not as if there is a shortage of Exim mail transfer agents to target: Shodan estimates that around 3.5 million systems are running a vulnerable version, just over half of the email servers on the web.

Fixing the bug was easy enough, wrote Exim developer Jeremy Harris: it’s a straightforward coding mistake, not growing a string by enough. One-line fix.

However, there is no mitigation for the bug, so the patched version, 4.92.3, should be applied as quickly as possible.
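To help admins find which of their own servers fall inside the affected range quoted above, here is an added example (not from the article or the Exim project) that classifies SMTP greetings by Exim version. It assumes Exim’s default banner form, “220 host ESMTP Exim 4.92.2 …”, and the sample banners are constructed for illustration.

```python
import re
from typing import Optional, Tuple

# Affected range stated in the advisory: 4.92 through 4.92.2; fixed in 4.92.3.
AFFECTED_MIN = (4, 92, 0)
AFFECTED_MAX = (4, 92, 2)
FIXED_VERSION = (4, 92, 3)

# Exim's default greeting looks like "220 mail.example ESMTP Exim 4.92.2 Mon, ...".
# A missing third component (e.g. "4.92") is treated as patch level 0.
BANNER_RE = re.compile(r"^220[ -].*?\bExim (\d+)\.(\d+)(?:\.(\d+))?", re.IGNORECASE)

def parse_exim_version(banner: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, patch) from an SMTP greeting, or None if not Exim."""
    m = BANNER_RE.match(banner.strip())
    if not m:
        return None
    major, minor, patch = m.group(1), m.group(2), m.group(3) or "0"
    return (int(major), int(minor), int(patch))

def is_affected(version: Tuple[int, int, int]) -> bool:
    """CVE-2019-16928 affects 4.92 <= version <= 4.92.2 (per the advisory)."""
    return AFFECTED_MIN <= version <= AFFECTED_MAX

def classify(banner: str) -> str:
    """Label a banner: 'not-exim', 'affected', 'patched' (>= 4.92.3) or 'other'."""
    v = parse_exim_version(banner)
    if v is None:
        return "not-exim"
    if is_affected(v):
        return "affected"
    if v >= FIXED_VERSION:
        return "patched"
    return "other"  # older than 4.92; outside this advisory's range

# Constructed sample greetings (hostnames and dates are made up).
SAMPLE_BANNERS = [
    "220 mx1.example.test ESMTP Exim 4.92.2 Mon, 30 Sep 2019 10:00:00 +0000",
    "220 mx2.example.test ESMTP Exim 4.92 Mon, 30 Sep 2019 10:00:00 +0000",
    "220 mx3.example.test ESMTP Exim 4.92.3 Mon, 30 Sep 2019 10:00:00 +0000",
    "220 mx4.example.test ESMTP Exim 4.91 Mon, 30 Sep 2019 10:00:00 +0000",
    "220 mx5.example.test ESMTP Postfix",
]

def audit(banners=SAMPLE_BANNERS):
    """Return a dict of banner -> classification for a fleet of greetings."""
    return {b: classify(b) for b in banners}

if __name__ == "__main__":
    for banner, label in audit().items():
        print(f"{label:9s} {banner}")
```

Banners can be customised or stripped of the version, so a “not-exim” or “other” result is not proof of safety; confirm with the package version on the host itself.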

Keeping up

Exim has been in the wars lately. In addition to this week’s CVE-2019-16928 and CVE-2019-15846, July saw another RCE, CVE-2019-13917, which arrived just weeks after the remote command execution flaw CVE-2019-10149.

All unpatched flaws matter, but given the history of attackers targeting Exim, these are perhaps more important than most: attacks aimed at CVE-2019-10149, for example, were identified within a week of the flaw becoming public knowledge.

Earlier this year, Exim admins were urged to hurry up and patch CVE-2018-6789, a February flaw that at least half a million servers had still not patched weeks later.

Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.