Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the smtp service, which listens on TCP port 25 by default. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17554.
The vulnerability exists in the SMTP service listening on TCP port 25 by default. The Exim server improperly neutralizes special characters in user-supplied data (CWE-138), leading to memory corruption. An attacker can send crafted data to the SMTP service without authentication, thereby triggering arbitrary code execution in the context of the current process.
An attacker can remotely execute arbitrary code in the context of the Exim process, which in practice means the ability to take control of the mail server, steal data, or perform further lateral movement in the network.
Patches available from the vendor should be applied according to the references. Users of Debian distributions should review the debian-lts-announce message from October 2024. Additionally, it is recommended to restrict access to TCP port 25 only from trusted sources at the firewall level as a temporary measure.
Exim — versions indicated in vendor references (vulnerability tracked as ZDI-CAN-17554)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExim
APPExim< 4.96.2
Related vulnerabilities
Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is...
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in delive...
An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handc...
Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attack...
Exim: use-after-free w parsowaniu BDAT — zdalne wykonanie kodu