Critical Code Execution Vulnerability Has Been Discovered In Exim

by Unallocated Author

Exim is a mail transfer agent (MTA) used on Unix-like operating systems. Exim is free software distributed under the terms of the GNU General Public License, and it aims to be a general and flexible mailer with extensive facilities for checking incoming e-mail.

A security researcher from Taiwan-based security firm DEVCORE has discovered a couple of potentially serious flaws in Exim.

According to the report published on the bug tracker, the first vulnerability, tracked as CVE-2017-16943 and classified as critical, is a use-after-free bug related to a feature called "chunking". It could allow a remote attacker to execute arbitrary code in the SMTP server by crafting a sequence of BDAT commands.

Chunking is a feature that enables sending emails in chunks. BDAT commands specify the length of the binary data packet so that the Simple Mail Transfer Protocol (SMTP) host does not have to continuously look for the end of the data.
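
The length-based framing described above, shown as an added example (not code from Exim or from the original article): a minimal receiver-side parser for BDAT chunks as defined in RFC 3030. The function name, the size cap and the sample session are assumptions constructed for illustration.

```python
import re

# BDAT command line per RFC 3030: "BDAT <chunk-size> [LAST]" ended by CRLF.
BDAT_RE = re.compile(rb"^BDAT (\d{1,10})( LAST)?$", re.IGNORECASE)
MAX_MESSAGE = 1 << 20  # assumed local size cap for this example


class ChunkingError(ValueError):
    """Raised when the stream does not follow BDAT framing."""


def read_bdat_message(stream: bytes, max_message: int = MAX_MESSAGE):
    """Reassemble one message; return (message, chunk_sizes, unconsumed)."""
    pos, message, sizes = 0, bytearray(), []
    while True:
        eol = stream.find(b"\r\n", pos)
        if eol < 0:
            raise ChunkingError("command line not terminated by CRLF")
        m = BDAT_RE.match(stream[pos:eol])
        if m is None:
            raise ChunkingError("expected a BDAT command")
        size = int(m.group(1))
        start = eol + 2
        if len(message) + size > max_message:
            raise ChunkingError("message exceeds size cap")
        if start + size > len(stream):
            raise ChunkingError("chunk shorter than declared length")
        # The payload is taken by length alone; its content is never scanned.
        message += stream[start:start + size]
        sizes.append(size)
        pos = start + size
        if m.group(2):  # LAST marks the final chunk of the message
            return bytes(message), sizes, stream[pos:]


# Constructed sample: two chunks; the first payload contains a lone "." line.
BODY1 = b"Subject: test\r\n\r\nline one\r\n.\r\n"
BODY2 = b"line two\r\n"
SAMPLE = (b"BDAT %d\r\n" % len(BODY1) + BODY1 +
          b"BDAT %d LAST\r\n" % len(BODY2) + BODY2 + b"QUIT\r\n")

if __name__ == "__main__":
    msg, sizes, rest = read_bdat_message(SAMPLE)
    print(sizes, rest, msg)
```

The lone "." line in the first chunk would end the message under the classic DATA command; with BDAT it is ordinary payload because the declared length alone delimits each chunk.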

The second vulnerability discovered by the researcher is CVE-2017-16944, a high-severity issue that enables a remote attacker to cause a denial-of-service (DoS) condition using specially crafted BDAT commands.

The details of the code execution flaw were published on the Exim Bugzilla on November 23. System administrators are advised to update their installations to Exim version 4.90 as soon as possible to patch these vulnerabilities.
