CVE-2019-15846 Exim mail server flaw allows Remote Code Execution as root

Posted on Sep 8, 2019

A security flaw in Exim mail servers could be exploited by local or remote attackers to execute arbitrary code with root privileges. The Exim development team has addressed the vulnerability, tracked as CVE-2019-15846. It is a heap overflow that affects Exim version 4.92.1 and earlier on servers that accept TLS connections.

The vulnerability affects both GnuTLS and OpenSSL. According to Shodan, over 5 million Exim mail servers are exposed on the Internet, most of them in the United States. According to Exim developers, the flaw could be exploited by an attacker sending an SNI ending in a backslash-null sequence during the initial TLS handshake.

Developers confirmed that an exploit exists as a PoC, but pointed out that they are not aware of attacks in the wild exploiting the issue.

Source: securityaffairs.co