A vulnerability has been found in the popular email software Exim

Summary:

Today’s exploit of the day affects one of the most popular mail transfer agents, which has been actively used since its creation in 1995.

A buffer overflow vulnerability has been found in the TLS negotiation code of Exim.

A specially crafted TLS packet could potentially lead to code execution.

Exim is included in the default installation of several operating systems, such as Debian and Ubuntu. If you are not using it, we recommend that you disable it using systemctl:

Find it:

root@linux:~# service --status-all | grep exim
 [ + ]  exim4

Disable it:

root@linux:~# systemctl disable exim4

Disabling the unit only prevents it from starting at boot; an instance that is already running must also be stopped.

Affected systems

Exim instances running a version prior to 4.92.2

The vulnerability has been assigned CVE-2019-15846.
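To check a host against the affected range above, the following added example (not part of the original post) parses the version banner printed by `exim -bV` and compares it with 4.92.2. The function names and the `--local` switch are assumptions of this example, and the banners used to exercise it are constructed.

```shell
#!/bin/sh
# Added example: flag Exim versions prior to 4.92.2 (the fixed release named above).
FIXED="4.92.2"

# Extract the version from the first line of `exim -bV` output,
# e.g. "Exim version 4.92 #3 built 10-Jun-2019 12:00:00" -> "4.92".
parse_exim_version() {
    printf '%s\n' "$1" | sed -n '1s/^Exim version \([0-9][0-9.]*\).*/\1/p'
}

# Return 0 if dotted version $1 is lower than $2; missing components count as 0.
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
    done
    return 1
}

# Print "affected", "not-affected" or "unknown" for a given banner.
check_banner() {
    v=$(parse_exim_version "$1")
    [ -n "$v" ] || { echo unknown; return; }
    if version_lt "$v" "$FIXED"; then echo affected; else echo not-affected; fi
}

# Check the locally installed binary when the script is run with "--local"
# (hypothetical switch for this example). Debian and Ubuntu name it exim4.
if [ "${1:-}" = "--local" ]; then
    for bin in exim4 exim; do
        command -v "$bin" >/dev/null 2>&1 || continue
        echo "$bin: $(check_banner "$("$bin" -bV 2>/dev/null)")"
    done
fi
```

Distribution packages may carry a backported fix under an older upstream version number, so treat an "affected" result as a prompt to check the package changelog for CVE-2019-15846 rather than as proof.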

A simple Shodan search for Exim displays 5 million hosts running Exim.

https://www.shodan.io/search?query=exim

External links:

Exim Wikipedia

exim.org

Bugtraq

Openwall email list

Carnegie Mellon University CERT

Rapid 7 Cpanel

This blog post is part of the exploit of the day series, where we write a shorter description about interesting exploits that we index.