Mon. Nov 18th, 2019

Critical Exim Flaw Exposes Email Servers to Remote Attack

A critical vulnerability has been discovered and fixed in the Exim email server software.

 

According to Exim, this specific vulnerability has been identified as CVE-2019-16928 — a memory corruption issue. The flaw exists in the string “_vformat”, which is part of the file (string.c) of the component EHLO Command Handler. An EHLO command is an Extended Simple Mail Transfer Protocol (ESMTP) command sent by an email server to identify itself when connecting to another email server to start the process of sending an email.

 

An advisory released Friday states, “the currently known exploit uses an extraordinary long EHLO string to crash the Exim process that is receiving the message. While at this mode of operation, Exim already dropped its privileges, other paths to reach the vulnerable code may exist.”

 

If exploited, the security flaw could lead to denial of service (DoS) attacks or possibly remote code execution attacks.

 

The flaw impacts Exim versions between 4.92 up to 4.92.2. A fix has been issued with the release of Exim version 4.92.3.