Unix mailer Exim is affected by RCE, DoS vulnerabilities [source: securityaffairs]
by CIRT Team
The Exim Internet mail message transfer agent warned of flaws through the public bug tracker, sys admins have to apply the workaround asap.
The Internet mail message transfer agent warned of flaws through the public bug tracker, an unfortunate choice to disclose it because the notice could be ignored.
According to the message published on the bug tracker, the first vulnerability, identified as CVE-2017-16943, is a use-after-free bug which could be exploited by an attacker to remotely execute arbitrary code in the SMTP server by crafting a sequence of BDAT commands.
“A remote code execution vulnerability has been reported in Exim, with immediate public disclosure (we were given no private notice). A tentative patch exists but has not yet been confirmed.
With immediate effect, please apply this workaround: if you are running Exim 4.88 or newer (4.89 is current, 4.90 is upcoming) then in the main section of your Exim configuration, set:
That’s an empty value, nothing on the right of the equals. This disables advertising the ESMTP CHUNKING extension, making the BDAT verb unavailable and avoids letting an attacker apply the logic.”
For more, click here.