Security
Headlines
HeadlinesLatestCVEs

Headline

New Critical Security Flaws Expose Exim Mail Servers to Remote Attacks

Multiple security vulnerabilities have been disclosed in the Exim mail transfer agent that, if successfully exploited, could result in information disclosure and remote code execution. The list of flaws, which were reported anonymously way back in June 2022, is as follows -

CVE-2023-42114 (CVSS score: 3.7) - Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerability

The Hacker News
#vulnerability#web#git#rce#buffer_overflow#auth#zero_day#The Hacker News

Email Security / Hacking News

Multiple security vulnerabilities have been disclosed in the Exim mail transfer agent that, if successfully exploited, could result in information disclosure and remote code execution.

The list of flaws, which were reported anonymously way back in June 2022, is as follows -

  • CVE-2023-42114 (CVSS score: 3.7) - Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerability
  • CVE-2023-42115 (CVSS score: 9.8) - Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability
  • CVE-2023-42116 (CVSS score: 8.1) - Exim SMTP Challenge Stack-based Buffer Overflow Remote Code Execution Vulnerability
  • CVE-2023-42117 (CVSS score: 8.1) - Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability
  • CVE-2023-42118 (CVSS score: 7.5) - Exim libspf2 Integer Underflow Remote Code Execution Vulnerability
  • CVE-2023-42119 (CVSS score: 3.1) - Exim dnsdb Out-Of-Bounds Read Information Disclosure Vulnerability

The most severe of the vulnerabilities is CVE-2023-42115, which allows remote, unauthenticated attackers to execute arbitrary code on affected installations of Exim.

“The specific flaw exists within the SMTP service, which listens on TCP port 25 by default,” the Zero Day Initiative said in an alert published this week.

“The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of a buffer. An attacker can leverage this vulnerability to execute code in the context of the service account.”

Exim maintainers, in a message shared on the Open Source Security mailing list oss-security, said fixes for CVE-2023-42114, CVE-2023-42115, and CVE-2023-42116 are “available in a protected repository and are ready to be applied by the distribution maintainers.”

“The remaining issues are debatable or miss information we need to fix them,” adding it asked ZDI more specifics about the issues and that it “didn’t get answers we were able to work with” until May 2023. The Exim team further said they are awaiting detailed specifics on the other three shortcomings.

However, the ZDI pushed back against claims about “sloppy handling” and “neither team pinging the other for 10 months,” stating it reached out several times to the developers.

“After our disclosure timeline was exceeded by many months, we notified the maintainer of our intent to publicly disclose these bugs, at which time we were told, 'you do what you do,’” it said.

“If these bugs have been appropriately addressed, we will update our advisories with a link to the security advisory, code check-in, or other public documentation closing the issue.”

In the absence of patches, the ZDI recommends restricting interaction with the application as the only “salient” mitigation strategy.

This is not the first time security flaws have been uncovered in the widely used mail transfer agent. In May 2021, Qualys disclosed a set of 21 vulnerabilities collectively tracked as 21Nails that enable unauthenticated attackers to achieve complete remote code execution and gain root privileges.

UPCOMING WEBINAR

Fight AI with AI — Battling Cyber Threats with Next-Gen AI Tools

Ready to tackle new AI-driven cybersecurity challenges? Join our insightful webinar with Zscaler to address the growing threat of generative AI in cybersecurity.

Supercharge Your Skills

Previously in May 2020, the U.S. government reported that hackers affiliated with Sandworm, a state-sponsored group from Russia, had been exploiting a critical Exim vulnerability (CVE-2019-10149, CVSS score: 9.8) to penetrate sensitive networks.

The development also comes hot on the heels of a new study by researchers from the University of California San Diego that discovered a novel technique called forwarding-based spoofing which takes advantage of weaknesses in email forwarding to send messages impersonating legitimate entities, thereby compromising on integrity.

“The original protocol used to check the authenticity of an email implicitly assumes that each organization operates its own mailing infrastructure, with specific IP addresses not used by other domains,” the research found.

“But today, many organizations outsource their email infrastructure to Gmail and Outlook. As a result, thousands of domains have delegated the right to send email on their behalf to the same third party. While these third-party providers validate that their users only send email on behalf of domains that they operate, this protection can be bypassed by email forwarding.”

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Related news

Gentoo Linux Security Advisory 202402-18

Gentoo Linux Security Advisory 202402-18 - Multiple vulnerabilities have been discovered in Exim, the worst of which can lead to remote code execution. Versions greater than or equal to 4.97.1 are affected.

Ubuntu Security Notice USN-6455-1

Ubuntu Security Notice 6455-1 - It was discovered that Exim incorrectly handled validation of user-supplied data, which could lead to memory corruption. A remote attacker could possibly use this issue to execute arbitrary code. It was discovered that Exim incorrectly handled validation of user-supplied data, which could lead to an out-of-bounds read. An attacker could possibly use this issue to expose sensitive information.

Exim finally fixes 3 out of 6 vulnerabilities

Categories: Business Categories: News Tags: Exim Tags: mta Tags: cla Tags: spf Tags: nltm Tags: cvss Tags: cve-2023-42115 Tags: cve-2023-42116 Tags: cve-2023-42117 Tags: cve-2023-42118 Tags: cve-2023-42119 Tags: cve-2023-42114 Tags: dbs spa Six vulnerabilities in the Exim message transfer agent have been fixed—over a year after they were reported. (Read more...) The post Exim finally fixes 3 out of 6 vulnerabilities appeared first on Malwarebytes Labs.

Debian Security Advisory 5512-1

Debian Linux Security Advisory 5512-1 - Several vulnerabilities were discovered in Exim, a mail transport agent, which could result in remote code execution if the EXTERNAL or SPA/NTLM authenticators are used.

CVE-2022-37451: Index of /static/doc/security/

Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc.

CVE-2020-28017

Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow in receive_add_recipient via an e-mail message with fifty million recipients. NOTE: remote exploitation may be difficult because of resource consumption.

Prevent the impact of a Linux worm by updating Exim (CVE-2019-10149)

This week, MSRC confirmed the presence of an active Linux worm leveraging a critical Remote Code Execution (RCE) vulnerability, CVE-2019-10149, in Linux Exim email servers running Exim version 4.87 to 4.91. Microsoft Azure infrastructure and Services are not affected; only customer’s Linux IaaS instances running a vulnerable version of Exim are affected.

CVE-2019-10149

A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.