A critical vulnerability exposed millions of Exim servers to a serious threat of remote attacks. The vulnerability could allow an attacker to execute malicious code on the target machine with root privileges.
Vulnerability Found In Exim Servers
Researchers have found a critical vulnerability in Exim servers that posed a risk to millions of devices. Initially reported by Zerons, the vulnerability exposed the servers to remote attacks.
As explained by Tenable in an advisory, this vulnerability, CVE-2019-15846, resembles the one they reported earlier in June (CVE-2019-10149). If exploited, the flaw could let an adversary take complete control of the target servers.
The vulnerability lay primarily in the way an Exim server handled TLS. Describing the flaw in their advisory, Exim stated,
The vulnerability is exploitable by sending a SNI ending in a backslash-null sequence during the initial TLS handshake.
Sending an SNI with this malicious ending could cause a buffer overflow in the SMTP delivery process, letting an attacker inject and execute malicious code with root access.
Since the vulnerability is independent of the TLS library, it affects both GnuTLS and OpenSSL.
Exim Released A Fix
According to the timeline shared in Exim’s advisory, the researcher discovered the bug in July 2019. Following the report, Exim worked on a patch and released the fix in September 2019.
As confirmed by Exim, the vulnerability affected all versions up to and including 4.92.1. The project patched the flaw with the release of version 4.92.2.
Exim also confirmed that a rudimentary proof of concept exists, though it has not been publicly disclosed.
Currently there is no known exploit, but a rudimentary POC exists.
Users of Exim servers should therefore update promptly to the latest patched version to stay protected.
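A quick way to act on the version information above is to compare what the installed Exim reports against the first fixed release. The following script is an added example, not from the article or the Exim project; it assumes that `exim -bV` prints a first line beginning "Exim version 4.92.1 #3 built ..." (the banner strings used here are constructed) and that GNU `sort -V` is available for version ordering.

```shell
#!/bin/sh
# Added example (not from the article or the Exim project): decide whether an
# installed Exim is at or above the first fixed release named in the advisory.
# Assumptions: `exim -bV` prints a first line of the form
# "Exim version 4.92.1 #3 built 01-Sep-2019 ..." and GNU `sort -V` is available.

FIXED_VERSION="4.92.2"   # first release carrying the fix for CVE-2019-15846

# Pull the bare version number out of the `exim -bV` banner text passed in $1.
exim_version_from_banner() {
    printf '%s\n' "$1" | sed -n 's/^Exim version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Return 0 when version $1 is at or above FIXED_VERSION, 1 when it is older,
# and 2 when no version could be determined at all.
exim_version_is_fixed() {
    ver="$1"
    [ -n "$ver" ] || return 2
    # `sort -V` orders 4.9 < 4.92.1 < 4.92.2 < 4.93 numerically, unlike plain sort.
    lowest=$(printf '%s\n%s\n' "$ver" "$FIXED_VERSION" | sort -V | head -n 1)
    [ "$lowest" = "$FIXED_VERSION" ]
}

# Turn a banner string into a short verdict for an operator or an inventory job.
exim_verdict() {
    ver=$(exim_version_from_banner "$1")
    if exim_version_is_fixed "$ver"; then
        echo "patched ($ver)"
    elif [ -n "$ver" ]; then
        echo "VULNERABLE ($ver < $FIXED_VERSION)"
    else
        echo "unknown (could not parse version)"
    fi
}

# Stand-alone use: query the local binary when one is on PATH.
if command -v exim >/dev/null 2>&1; then
    exim_verdict "$(exim -bV 2>/dev/null | head -n 1)"
fi
```

Because `exim_verdict` takes the banner as a string, the same function can be fed output collected from many hosts (for example via a configuration-management run) without needing Exim installed where the comparison happens. A version that parses but is older than 4.92.2 is reported as vulnerable; output that does not match the expected banner is reported as unknown rather than silently treated as safe.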