Vulnerability Affects Half of the Internet's Email Servers

Faybert

A critical vulnerability affects hundreds of thousands of email servers. A fix has been released but this flaw affects more than half of the Internet's email servers, and patching the issue will take weeks if not months.

The bug is a vulnerability in Exim, a mail transfer agent (MTA) — software that runs on email servers and which relays emails from senders to recipients.

According to a survey conducted in March 2017, 56% of all of the Internet's email servers run Exim, with over 560,000 available online at the time. Another more recent report puts that number in the millions.

The bug allows for remote code execution

A Taiwanese security researcher named Meh Chang discovered the bug, which he reported to the Exim crew on February 2. The Exim team released Exim distribution 4.90.1 on February 10 that fixes the RCE issue.

The bug — tracked as CVE-2018-6789 — is categorized as a "pre-auth remote code execution," meaning an attacker could trick the Exim email server into running malicious commands before the attacker would need to authenticate on the server.

The actual bug is a one-byte buffer overflow in the base64 decode function of Exim and affects all Exim versions ever released.

Chang described the bug in a blog post released earlier today, detailing basic steps for exploiting Exim's SMTP daemon.
.....................
.....................
 
