A critical remote code execution flaw affects over half of the Internet's email servers, and there's no fix for it available, just yet.
The bug is a vulnerability in Exim, a mail transfer agent (MTA), which is software that runs on email servers and that relays emails from senders to recipients.
According to a survey conducted in March 2017, 56% of all of the Internet's email servers run Exim, with over 560,000 available online at the time.
Another more recent report puts that number in the millions.
Two bugs discovered. One leads to remote code execution.
According to a security alert published last week on Exim's website, the Exim development team was notified of two bugs that impact Exim 4.88 and 4.89, the two latest Exim versions.
The more dangerous of the two bugs is the one tracked as CVE-2017-16943, a use-after-free vulnerability that leads to remote code execution on affected servers.
The bug affects Exim "chunking," a feature that allows the breaking and sending of emails in multiple "chunks." Exim servers break down, handle, and reconstruct chunks using special commands.
A Taiwanese security researcher going by the nickname of @mehqq_ discovered that Exim mishandles BDAT commands; this mishandling is CVE-2017-16943, and it allows an attacker to target Exim installations and execute malicious code on the underlying server.
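Because the flaw sits in the CHUNKING extension (the ESMTP feature behind BDAT), the first thing an administrator wants to know is which of their servers actually advertise it in the EHLO reply. The script below is an added example, not code from the article or from the Exim project: it parses a multi-line EHLO response and reports whether CHUNKING is offered, and includes an optional live check built on Python's standard `smtplib` (`SMTP.has_extn` is a real method). The sample EHLO replies, hostnames and addresses are constructed for illustration. It only inspects advertised capabilities; it does not exercise the bug.

```python
"""Report whether an SMTP server advertises the CHUNKING (BDAT) extension.

Added example for inventorying exposure to the Exim chunking bug; it is
not the article's or Exim's own code.
"""
import smtplib
from typing import Dict, List, Optional

# Constructed sample EHLO replies (not captured from any real server).
SAMPLE_EHLO_WITH_CHUNKING = """250-mail.example.test Hello client.example.test [192.0.2.10]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-CHUNKING
250-STARTTLS
250 HELP"""

SAMPLE_EHLO_WITHOUT_CHUNKING = """250-mail.example.test Hello client.example.test [192.0.2.10]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-STARTTLS
250 HELP"""


def parse_ehlo_extensions(response: str) -> Dict[str, List[str]]:
    """Parse a multi-line EHLO reply (RFC 5321, section 4.1.1.1).

    The first line is the server greeting; every following line is
    "250-KEYWORD [params]" (or "250 KEYWORD" on the final line).
    Returns a mapping of upper-cased keyword to its parameter list.
    """
    extensions: Dict[str, List[str]] = {}
    lines = [ln.strip() for ln in response.splitlines() if ln.strip()]
    for line in lines[1:]:  # lines[0] is the greeting, not an extension
        if not line.startswith("250"):
            raise ValueError(f"unexpected EHLO reply line: {line!r}")
        body = line[4:]  # drop the "250-" / "250 " prefix
        if not body:
            continue
        keyword, *params = body.split()
        extensions[keyword.upper()] = params
    return extensions


def advertises_chunking(response: str) -> bool:
    """True if the EHLO reply offers CHUNKING, i.e. BDAT will be accepted."""
    return "CHUNKING" in parse_ehlo_extensions(response)


def live_chunking_check(host: str, port: int = 25,
                        timeout: float = 10.0) -> Optional[bool]:
    """Connect to a server you administer and report its CHUNKING status.

    Returns None if the server rejects EHLO. Uses only the EHLO exchange;
    no message or BDAT command is sent. Not exercised by the offline sample.
    """
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        code, _ = smtp.ehlo()
        if code != 250:
            return None
        return smtp.has_extn("chunking")  # smtplib lower-cases feature names


if __name__ == "__main__":
    for label, sample in (("with chunking", SAMPLE_EHLO_WITH_CHUNKING),
                          ("without chunking", SAMPLE_EHLO_WITHOUT_CHUNKING)):
        print(f"{label}: CHUNKING advertised = {advertises_chunking(sample)}")
```

A server that does not advertise CHUNKING never receives BDAT from a standards-conforming client, which is why Exim's own interim advice for this bug was to stop advertising the extension (by leaving the `chunking_advertise_hosts` main-configuration option empty) until a fixed release could be installed.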