Exim


Mar. 7, 2018

Exim Off-By-one RCE: Exploiting CVE-2018-6789 with Fully Mitigations Bypassing

Exim Off-By-one RCE: Exploiting CVE-2018-6789 with Fully Mitigations Bypassing

We reported an overflow vulnerability in the base64 decode function of Exim on 5 February, 2018, identified as CVE-2018-6789. This bug exists since the first commit of exim, hence ALL versions are affected. According to our research, it can be leveraged to gain Pre-auth Remote Code Execution and at least 400k servers are at risk.

Patched version 4.90.1 is already released and we suggest to upgrade exim immediately.

Mar. 7, 2018

RCE flaw in Exim MTA affects half of the email servers online

RCE flaw in Exim MTA affects half of the email servers online

A critical remote code vulnerability in the Exim mail transfer agent (MTA), tracked as CVE-2018-6789, affects most of the email servers online. It has been estimated that as in March 2017, the total number of Internet’s email servers running Exim was over 560,000, that corresponds to 56% of all Mail (MX) Server online.

Source: securityaffairs.co

Powered by Hugo with Console Theme.