Exim Mail Software Vulnerability Exposed
All versions of the Exim mail transfer agent (MTA) are reported to be affected by a critical zero-day flaw that allows unauthenticated remote code execution on servers exposed to the internet.
The vulnerability, tracked as CVE-2023-42115, was reported by an anonymous researcher through Trend Micro's Zero Day Initiative (ZDI). The root cause is an out-of-bounds write in the SMTP service; successful exploitation lets an attacker execute code in the context of the service account.
The ZDI advisory states that the flaw stems from inadequate validation of user-supplied data in the smtp service, which listens on TCP port 25 by default, and that the bad input results in a write past the end of a buffer. Anyone who can reach that port can attempt to trigger it.
ZDI reported the issue to the Exim team in June 2022 and followed up in May 2023, but the developers have not shared any update on a fix. ZDI therefore published its advisory in late September 2023, describing the flaw and the disclosure timeline.
As MTAs, Exim servers are particularly exposed: they sit on the internet by design, so an attacker can reach them directly. The National Security Agency (NSA) warned in 2020 that the Russian military hacking group Sandworm had been exploiting an earlier Exim vulnerability (CVE-2019-10149) since at least 2019.
Exim is also the most widely deployed MTA and the default on Debian Linux. A September 2023 survey found Exim running on over 56% of the 602,000 internet-reachable mail servers, slightly more than 342,000 Exim hosts.
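A practitioner reading that survey figure usually wants the same answer for their own estate: which reachable mail servers run Exim, and which version. The Python script below is an added example written for this page; it is not code from the article, from ZDI, or from the Exim project. It identifies Exim from the SMTP greeting, whose default form advertises the software name and version, and tallies the results the way a banner survey does. The greeting lines it parses are constructed for the example, and `grab_banner()` is only needed against live hosts (it is not exercised offline). One caveat: Exim's greeting is configurable (the `smtp_banner` main option), so a host that hides its software is not proven to be something else; treat the count as a lower bound.

```python
import re
import socket

# Constructed SMTP greeting lines for offline use; none were captured from real hosts.
SAMPLE_BANNERS = [
    "220 mx1.example.test ESMTP Exim 4.96 Wed, 27 Sep 2023 10:00:00 +0000",
    "220 mx2.example.test ESMTP Exim 4.92.3 Ubuntu Wed, 27 Sep 2023 10:00:00 +0000",
    "220 mx3.example.test ESMTP Postfix (Debian/GNU)",
    "220 mx4.example.test ESMTP ready",        # custom banner: software not advertised
    "220 mx5.example.test ESMTP exim 4.94.2",  # case differs, still Exim
]

# Exim's default greeting is "<host> ESMTP Exim <version> <date>". The version is
# a dotted number; a distribution suffix such as "Ubuntu" is not part of it.
EXIM_BANNER_RE = re.compile(r"\bExim\s+(\d+(?:\.\d+)+)", re.IGNORECASE)


def exim_version(banner):
    """Return the Exim version advertised in a greeting line, or None if the
    line does not identify Exim (other MTA, or a customised banner)."""
    match = EXIM_BANNER_RE.search(banner)
    return match.group(1) if match else None


def version_key(version):
    """Sort key so that 4.92.3 < 4.94.2 < 4.96 compare numerically, not as text."""
    return tuple(int(part) for part in version.split("."))


def summarize(banners):
    """Tally Exim hosts among greeting lines, the way a banner survey does.
    Hosts whose banner hides the software are counted in 'total' only, so the
    Exim figure is a lower bound."""
    versions = {}
    for banner in banners:
        version = exim_version(banner)
        if version is not None:
            versions[version] = versions.get(version, 0) + 1
    exim_total = sum(versions.values())
    return {
        "total": len(banners),
        "exim": exim_total,
        "exim_share": exim_total / len(banners) if banners else 0.0,
        "versions": dict(sorted(versions.items(), key=lambda kv: version_key(kv[0]))),
        "oldest": min(versions, key=version_key) if versions else None,
    }


def grab_banner(host, port=25, timeout=5.0):
    """Fetch the SMTP greeting from a live host (not used by the offline demo).
    Handles multi-line greetings: "220-" lines continue, "220 " ends the reply.
    Returns the greeting joined into one string suitable for exim_version()."""
    lines = []
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.settimeout(timeout)
        with sock.makefile("r", encoding="utf-8", errors="replace") as reader:
            for line in reader:
                line = line.rstrip("\r\n")
                lines.append(line)
                if len(line) >= 4 and line[3] == " ":
                    break
        sock.sendall(b"QUIT\r\n")
    return " ".join(lines)


if __name__ == "__main__":
    result = summarize(SAMPLE_BANNERS)
    print(f"{result['exim']} of {result['total']} hosts advertise Exim "
          f"({result['exim_share']:.0%}); versions: {result['versions']}")
```

Run it as-is to see the tally over the constructed banners; to survey real hosts, feed `grab_banner(host)` results into `summarize()`. The numeric version key matters when you later compare against a fixed release: a plain string comparison would rank "4.96" below "4.92.3".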