Open-source Exim remote attack bug: 400,000 servers still vulnerable

Admins are being urged to update email server program Exim, patched in February, to close a remote execution flaw.
All versions of the Exim message transfer agent (MTA) before version 4.90.1, released in early February, are vulnerable to the attack.
Meh Chang from security firm Devcore Security Consulting reported the bug to Exim developers on February 2, and a patch was released five days later. But Chang warns there are still at least 400,000 servers running a vulnerable version of Exim.
Exim is one of the email MTA services available to use with Ubuntu, while Exim4 is the default for Debian. Exim stands for EXperimental Internet Mailer and was developed at the University of Cambridge in the UK in 1995 for Unix systems as an alternative to Sendmail.
The vulnerability is due to a one-byte heap overflow in Exim’s base64 decoding. Chang developed an exploit for it on Debian and Ubuntu that targets Exim’s SMTP daemon and tricks its memory-management mechanism.
Exim’s advisory notes that remote execution via the flaw “seems to be possible” using a specially crafted message. Its timeline also notes that one of the distributions given restricted access to its security repository almost immediately broke the embargo.
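
For admins taking inventory, the sketch below flags hosts whose reported Exim version is older than 4.90.1, the fixed release named above. It is an added example, not code from Exim or from the advisory; the host names and sample lines are constructed, and it assumes the version appears as in `exim -bV` output ("Exim version 4.89 #2 ...") or in an SMTP greeting ("ESMTP Exim 4.90_1 ..."), with either "." or "_" before the patch level.

```python
import re

# First fixed release according to the article.
FIXED = (4, 90, 1)

# Accepts "Exim version 4.89 #2 built ..." (exim -bV style) and
# "... ESMTP Exim 4.90_1 Ubuntu ..." (SMTP greeting style).
# Assumption: the patch level is separated by "." or "_".
_VERSION_RE = re.compile(
    r"\bExim (?:version )?(\d+)\.(\d+)(?:[._](\d+))?", re.IGNORECASE
)


def parse_exim_version(line):
    """Return (major, minor, patch) or None if no Exim version is present."""
    m = _VERSION_RE.search(line)
    if not m:
        return None
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def classify(line):
    """Return 'vulnerable', 'fixed' or 'unknown' for one reported version line."""
    version = parse_exim_version(line)
    if version is None:
        return "unknown"  # not Exim, or version hidden: check by hand
    return "vulnerable" if version < FIXED else "fixed"


def hosts_needing_update(inventory):
    """inventory maps host name -> version line; return hosts to upgrade."""
    return sorted(h for h, line in inventory.items()
                  if classify(line) == "vulnerable")


# Constructed sample inventory (not real hosts or captured output).
SAMPLE_INVENTORY = {
    "mx1.example.test": "Exim version 4.89 #2 built 28-Nov-2017 11:20:01",
    "mx2.example.test": "220 mx2.example.test ESMTP Exim 4.90_1 Ubuntu",
    "mx3.example.test": "Exim version 4.90 #1 built 20-Dec-2017 09:00:00",
    "mx4.example.test": "220 mx4.example.test ESMTP Postfix",
}

if __name__ == "__main__":
    for host in hosts_needing_update(SAMPLE_INVENTORY):
        print(f"{host}: upgrade to Exim 4.90.1 or later")
```

Distribution packages can carry the fix under an older upstream version number, so confirm a "vulnerable" result against the package changelog before treating the host as exposed.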

Submitted by: Arnfried Walbrecht

