Exim Off-By-one RCE: Exploiting CVE-2018-6789 with Fully Mitigations Bypassing

Posted on Mar 7, 2018

We reported an overflow vulnerability in the base64 decode function of Exim on 5 February, 2018, identified as CVE-2018-6789. This bug has existed since the first commit of Exim, hence ALL versions are affected. According to our research, it can be leveraged to gain pre-auth remote code execution, and at least 400k servers are at risk.

The patched version 4.90.1 has already been released, and we recommend upgrading Exim immediately.

Source: devco.re