No Patch Available for RCE Bug Affecting Half of the Internet's Email Servers (remote code execution

LASER_oneXM

A critical remote code execution flaw affects over half of the Internet's email servers, and there's no fix for it available, just yet.

The bug is a vulnerability in Exim, a mail transfer agent (MTA), which is software that runs on email servers and that relays emails from senders to recipients.

According to a survey conducted in March 2017, 56% of all of the Internet's email servers run Exim, with over 560,000 available online at the time. Another more recent report puts that number in the millions.

Two bugs discovered. One leads to remote code execution.
According to a security alert published last week on Exim's website, the Exim development team was notified of two bugs that impact Exim 4.88 and 4.89, the two latest Exim versions.


The most dangerous of the two bugs is the one tracked as CVE-2017-16943, which is a use-after-free vulnerability that leads to remote code execution on affected servers.


The bug affects Exim "chunking," a feature that allows the breaking and sending of emails in multiple "chunks." Exim servers break down, handle, and reconstruct chunks using special commands.


A Taiwanese security researcher going by the nickname of @mehqq_ discovered that Exim mishandles BDAT commands, which leads to CVE-2017-16943, and allows an attacker to target Exim installations and execute malicious code on the underlying server.

Over 400,000 Exim installations may be affected

If Exim were a marginally used app and chunking were an obscure feature, this wouldn't be a problem. But they're not. According to another security researcher, there are over 400,000 Exim servers available online that have "chunking" enabled.
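
Added example (not part of the original post or the quoted article): a small Python check an administrator could run over saved SMTP greetings from their own mail hosts to see which ones report Exim 4.88 or 4.89 and advertise the CHUNKING extension. The transcripts, hostnames and verdict labels are constructed for illustration.

```python
import re

AFFECTED = {"4.88", "4.89"}  # the two versions the article names

# Constructed sample transcripts: server greeting followed by its EHLO reply.
SAMPLE_EXPOSED = """220 mail.example.test ESMTP Exim 4.89 Mon, 27 Nov 2017 10:00:00 +0000
250-mail.example.test Hello scanner.example.test [192.0.2.10]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-CHUNKING
250 HELP"""
SAMPLE_NO_CHUNKING = """220 mx1.example.test ESMTP Exim 4.89 Mon, 27 Nov 2017 10:00:00 +0000
250-mx1.example.test Hello scanner.example.test [192.0.2.10]
250-SIZE 52428800
250 HELP"""
SAMPLE_HIDDEN = """220 mx2.example.test ESMTP
250-mx2.example.test Hello scanner.example.test [192.0.2.10]
250-CHUNKING
250 HELP"""

def parse_replies(lines):
    """Group SMTP reply lines into (code, [texts]); '250-' continues, '250 ' ends."""
    replies, current = [], []
    for line in lines:
        m = re.match(r"^(\d{3})([ -])(.*)$", line.rstrip("\r\n"))
        if not m:
            continue  # skip anything that is not a server reply line
        current.append(m.group(3))
        if m.group(2) == " ":
            replies.append((int(m.group(1)), current))
            current = []
    return replies

def assess(transcript):
    """Report Exim version, whether CHUNKING is advertised, and a verdict."""
    replies = parse_replies(transcript.splitlines())
    banner = next((t[0] for c, t in replies if c == 220), "")
    ehlo = next((t for c, t in replies if c == 250), [])
    m = re.search(r"\bExim (\d+\.\d+(?:\.\d+)?)", banner)
    version = m.group(1) if m else None
    # The first 250 line is the greeting; each later line starts with a keyword.
    chunking = "CHUNKING" in {t.split()[0].upper() for t in ehlo[1:] if t.strip()}
    if chunking and version in AFFECTED:
        verdict = "match"    # named version and CHUNKING advertised
    elif chunking and version is None:
        verdict = "review"   # banner hides the version; check the host directly
    else:
        verdict = "no-match"
    return {"version": version, "chunking": chunking, "verdict": verdict}
```

Exim's `chunking_advertise_hosts` main-configuration option controls which hosts are offered CHUNKING; setting it to an empty value stops the extension from being advertised.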
 
