Urgent Alert: Exim Mail Servers Vulnerable to Remote Attacks Due to Critical Security Flaws

Multiple critical security vulnerabilities have been disclosed in the Exim mail transfer agent, potentially leading to information exposure and remote code execution. The flaws were reported anonymously in June 2022 and include:

  1. CVE-2023-42114 (CVSS score: 3.7) – Information Disclosure via Exim NTLM Challenge Out-Of-Bounds Read Vulnerability
  2. CVE-2023-42115 (CVSS score: 9.8) – Remote Code Execution via Exim AUTH Out-Of-Bounds Write Vulnerability
  3. CVE-2023-42116 (CVSS score: 8.1) – Remote Code Execution via Exim SMTP Challenge Buffer Overflow
  4. CVE-2023-42117 (CVSS score: 8.1) – Remote Code Execution via Exim Improper Neutralization of Special Elements
  5. CVE-2023-42118 (CVSS score: 7.5) – Remote Code Execution via Exim libspf2 Integer Underflow
  6. CVE-2023-42119 (CVSS score: 3.1) – Information Disclosure via Exim dnsdb Out-Of-Bounds Read Vulnerability

The most severe vulnerability, CVE-2023-42115, allows remote, unauthenticated attackers to execute arbitrary code on affected Exim installations. This vulnerability exists in the SMTP service on TCP port 25 due to insufficient validation of user-supplied data.

Exim maintainers have addressed some vulnerabilities (CVE-2023-42114, CVE-2023-42115, and CVE-2023-42116) with fixes available for distribution maintainers. However, the status of the other issues remains uncertain.

The Zero Day Initiative (ZDI) disclosed these vulnerabilities after encountering delays in the remediation process. In the absence of patches, ZDI recommends limiting interaction with Exim as a mitigation strategy.
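The practical first step behind that advice is knowing which of your own mail servers still run an unpatched Exim. The following is an added example, not code from the article, ZDI or the Exim project: it parses the SMTP `220` greeting that an Exim server sends on connect, extracts the announced version, and flags hosts below a minimum version that you supply. The banners below are constructed, and the minimum version is a parameter because this page does not state which Exim release carries the fixes; take that number from your distribution's advisory. `fetch_banner` is an assumed helper for reading the greeting from a server you administer; the parsing and comparison run offline against the sample banners.

```python
import re
import socket
from typing import List, Optional, Tuple

# Constructed sample greetings in the shape an SMTP server returns on connect.
# Hostnames and version numbers are made up for illustration and say nothing
# about which Exim releases are fixed.
SAMPLE_BANNERS = [
    "220 mail.example.test ESMTP Exim 4.95 Tue, 03 Oct 2023 10:00:00 +0000",
    "220 relay.example.test ESMTP Exim 4.96.2 #2 Tue, 03 Oct 2023 10:00:00 +0000",
    "220 mx.example.test ESMTP Postfix",
]

# Exim announces itself as "Exim <version>" in the default greeting.
EXIM_BANNER_RE = re.compile(r"\bExim\s+(\d+(?:\.\d+)*)")


def parse_exim_version(banner: str) -> Optional[Tuple[int, ...]]:
    """Return the Exim version from a 220 greeting as a tuple of ints,
    or None when the server does not announce Exim (or hides its version)."""
    match = EXIM_BANNER_RE.search(banner)
    if not match:
        return None
    return tuple(int(part) for part in match.group(1).split("."))


def needs_attention(banner: str, minimum_fixed: Tuple[int, ...]) -> bool:
    """True when the banner announces an Exim version older than minimum_fixed.
    Hosts that hide their version return False here and must be checked by
    other means (package manager, exim -bV on the host)."""
    version = parse_exim_version(banner)
    if version is None:
        return False
    # Tuple comparison orders (4, 95) before (4, 96, 1) as expected.
    return version < minimum_fixed


def audit_banners(banners: List[str], minimum_fixed: Tuple[int, ...]) -> List[str]:
    """Return the hostnames (second token of the greeting) that need patching."""
    flagged = []
    for banner in banners:
        if needs_attention(banner, minimum_fixed):
            flagged.append(banner.split()[1])
    return flagged


def fetch_banner(host: str, port: int = 25, timeout: float = 5.0) -> str:
    """Assumed helper: read the greeting from one of your own mail servers.
    Handles multi-line greetings ('220-...' continuation lines) and sends
    QUIT so the server logs a clean session."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock_file = sock.makefile("rb")
        lines = []
        while True:
            line = sock_file.readline().decode("ascii", errors="replace").rstrip()
            if not line:
                break
            lines.append(line)
            if line.startswith("220 "):  # final line of the greeting
                break
        sock.sendall(b"QUIT\r\n")
    return "\n".join(lines)


if __name__ == "__main__":
    # Placeholder threshold: replace with the fixed version named in your
    # distribution's advisory before running this against real hosts.
    PLACEHOLDER_MINIMUM = (4, 96, 1)
    for host in audit_banners(SAMPLE_BANNERS, PLACEHOLDER_MINIMUM):
        print(f"{host}: Exim below {PLACEHOLDER_MINIMUM}, schedule patching")
```

A server that hides its version (a customised `smtp_banner`) parses as `None` rather than as "safe", so the inventory should treat those hosts as unknown and verify them on the box; silently passing them is the failure mode this check is meant to avoid.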

Notably, this isn’t the first time Exim has faced security issues. In May 2021, Qualys disclosed the 21Nails vulnerabilities, allowing unauthenticated attackers to achieve remote code execution and root privileges. In May 2020, hackers associated with the Sandworm group exploited a critical Exim vulnerability (CVE-2019-10149) to infiltrate networks.

Additionally, researchers from the University of California San Diego identified forwarding-based spoofing, a novel technique that exploits email forwarding weaknesses to impersonate legitimate entities, potentially compromising email integrity. This discovery highlights evolving challenges in email security, especially as organizations outsource their email infrastructure to third-party providers like Gmail and Outlook, for more
