Exim remote code execution vulnerability exploits

Nearly 400,000 servers are at risk to a remote code execution vulnerability that impacts open-source Exim message transfer agent (MTA).

If you’re not familiar, Exim is a popular open-source MTA developed at the University of Cambridge and runs on Unix-based systems connected to the Internet. A recent study says that nearly 56% of internet facing email systems are running Exim. So the impact could be quite large if Exim systems remain unpatched.

Security researcher Meh Chang from DEVCORE discovered and described the vulnerability on their blog:

 “We reported an overflow vulnerability in the base64 decode function of Exim on 5 February, 2018, identified as CVE-2018-6789. This bug exists since the first commit of exim, hence ALL versions are affected. According to our research, it can be leveraged to gain Pre-auth Remote Code Execution and at least 400k servers are at risk.”

Chang further developed an exploit targeting SMTP daemon of exim that is used to achieve pre-auth remote code execution. The RCE vulnerability was patched five days after the bug was reported. 

Users of Exim are strongly encouraged to update systems to the latest version 4.90.1 as soon as possible to mitigate CVE-2018-6789