Exim 4.92 < 4.92.3 RCE Vulnerability

Technical Details

Severity Level:

High Severity

CVSS Score:

10.0

CVSS Base Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Detection Type:
Remote Banner Unreliable

Solution Type:
Vendor Patch

Summary:
Exim is prone to a remote code execution vulnerability (CVE-2019-16928).

Detection Method:
Checks whether a vulnerable Exim version is present on the target host, based on the version string reported in the SMTP banner. Because distributions may backport the fix without changing the version number, and the banner can be customised, this check is marked as unreliable.

Technical Details:
There is a heap-based buffer overflow in string_vformat (string.c). The currently known exploit uses an extraordinarily long EHLO string to crash the Exim process that is receiving the message. In this mode of operation Exim has already dropped its privileges, but other paths to reach the vulnerable code may exist.

Impact:
A local or remote attacker can execute arbitrary code with the privileges of the Exim process.

Affected Versions:
Exim versions 4.92 up to and including 4.92.2.

Recommendations:
Update to version 4.92.3 or later.
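The banner-based check described above, written out as an added example (this is illustrative code, not Mageni's or Exim's own). It parses the Exim version from an SMTP greeting line, applies the affected range 4.92 <= version < 4.92.3, and classifies the host. The sample greetings, hostnames and dates are constructed for the example; the grab_banner helper is only for use against a live host and is not exercised offline.

```python
import re
import socket
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Affected range from the advisory: 4.92 up to and including 4.92.2; fixed in 4.92.3.
FIRST_AFFECTED: Version = (4, 92, 0)
FIRST_FIXED: Version = (4, 92, 3)

# Exim's default greeting looks like "220 host ESMTP Exim 4.92.2 <date>".
# The trailing patch component is absent for the 4.92 release itself.
EXIM_BANNER_RE = re.compile(r"\bExim\s+(\d+)\.(\d+)(?:\.(\d+))?\b")


def parse_exim_version(banner: str) -> Optional[Version]:
    """Extract (major, minor, patch) from an SMTP greeting, or None if it is not an Exim banner."""
    m = EXIM_BANNER_RE.search(banner)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def is_affected(version: Version) -> bool:
    """True when FIRST_AFFECTED <= version < FIRST_FIXED (tuple comparison is lexicographic)."""
    return FIRST_AFFECTED <= version < FIRST_FIXED


def classify_banner(banner: str) -> str:
    """Return 'vulnerable', 'not_vulnerable' or 'unknown' for one greeting line."""
    version = parse_exim_version(banner)
    if version is None:
        # Not Exim, or the operator hid the version via Exim's smtp_banner option.
        return "unknown"
    return "vulnerable" if is_affected(version) else "not_vulnerable"


def grab_banner(host: str, port: int = 25, timeout: float = 5.0) -> str:
    """Read the first greeting line from a live SMTP server (not used by the offline samples)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        data = b""
        while not data.endswith(b"\r\n") and len(data) < 1024:
            chunk = s.recv(256)
            if not chunk:
                break
            data += chunk
    return data.decode("ascii", errors="replace").strip()


# Constructed sample greetings; hostnames and dates are made up for this example.
SAMPLE_BANNERS = {
    "220 mx1.example.org ESMTP Exim 4.92.2 Mon, 30 Sep 2019 10:00:00 +0000": "vulnerable",
    "220 mx2.example.org ESMTP Exim 4.92 Tue, 01 Oct 2019 12:00:00 +0000": "vulnerable",
    "220 mx3.example.org ESMTP Exim 4.92.3 Wed, 02 Oct 2019 09:30:00 +0000": "not_vulnerable",
    "220 mx4.example.org ESMTP Exim 4.91 Thu, 03 Oct 2019 08:00:00 +0000": "not_vulnerable",
    "220 mx5.example.org ESMTP Exim 4.93 Fri, 04 Oct 2019 08:00:00 +0000": "not_vulnerable",
    "220 mx6.example.org ESMTP Postfix": "unknown",
}


def run_samples() -> dict:
    """Classify every constructed sample; returns banner -> classification."""
    return {banner: classify_banner(banner) for banner in SAMPLE_BANNERS}


if __name__ == "__main__":
    for banner, expected in SAMPLE_BANNERS.items():
        print(f"{classify_banner(banner):15} (expected {expected}) <- {banner}")
```

A "vulnerable" result from this check is only a version match: a distribution package that backports the 4.92.3 fix while keeping a 4.92.x version string will be reported as vulnerable, and a host that hides its version via smtp_banner will come back "unknown". Confirm against the installed package or exim -bV on the host before acting on the result.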

Family:

General

Creation Time:

2019-07-29 06:24:44

Modification Time:

2019-08-02 07:02:11

Find and Fix this Vulnerability:

Mageni can help you find out whether you have this or other vulnerabilities exposing you to hackers, ransomware and malware: Download Mageni's Free Edition

NVD CVE ID:
CVE-2019-16928

Don't pay for a vulnerability scanning and management platform. This one is free.

Mageni provides a free vulnerability scanning and management platform which helps you find, prioritize, remediate and manage your vulnerabilities.