A flaw in a widely used email program that may be exposing some 400,000 servers globally has been discovered by security researchers.
The vulnerability, identified as CVE-2018-6789, resides in all releases of the Exim message transfer agent (more specifically, in its base64 decode function) except the patched version 4.90.1.
The flaw is a buffer overflow and puts servers at risk of attacks that can execute malicious code. The bug can be exploited by sending specially crafted input to a server running Exim.
CVE-2018-6789 Exim Vulnerability in Detail
Devcore researchers found and reported the Exim flaw:
We reported an overflow vulnerability in the base64 decode function of Exim on 5 February, 2018, identified as CVE-2018-6789. This bug exists since the first commit of exim, hence ALL versions are affected. According to our research, it can be leveraged to gain Pre-auth Remote Code Execution and at least 400k servers are at risk. Patched version 4.90.1 is already released and we suggest to upgrade exim immediately.
“There is a buffer overflow in base64d(), if some pre-conditions are met. Using a handcrafted message, remote code execution seems to be possible,” Exim said.
Apparently, about 400,000 servers are at risk, as reported by Devcore, the researchers who found the flaw. Queries on the Shodan computer search engine found a large number of servers running vulnerable versions.
A patch for the flaw is already available and is currently being tested.
Exim is currently unsure about the severity of the flaw. However, they believe that an exploit is difficult and that no mitigation is known.
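For administrators who want to check their own mail hosts against the patched release, the following added example (not from Devcore or the Exim project) classifies Exim version strings relative to 4.90.1. The function names, host names and sample banners are constructed for illustration; it assumes the version is visible either in `exim -bV` output or in the SMTP greeting.

```python
import re

PATCHED = (4, 90, 1)  # fixed release named in the article

# Accepts `exim -bV` output ("Exim version 4.89 #2 built ...") and SMTP
# greetings ("220 host ESMTP Exim 4.90_1 ..."). Exim banners write the
# point release with either "." or "_".
_VERSION_RE = re.compile(r"\bExim\s+(?:version\s+)?(\d+)\.(\d+)(?:[._](\d+))?")


def parse_exim_version(text):
    """Return (major, minor, patch), or None if the text shows no Exim version."""
    m = _VERSION_RE.search(text)
    if m is None:
        return None
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def classify(text):
    """'upgrade' if older than 4.90.1, 'ok' if not, 'unknown' if hidden."""
    version = parse_exim_version(text)
    if version is None:
        return "unknown"  # banner suppressed or not Exim: check the host directly
    return "upgrade" if version < PATCHED else "ok"


def audit(inventory):
    """Map each host in {host: banner_text} to its classification."""
    return {host: classify(banner) for host, banner in inventory.items()}


# Constructed sample banners for hosts you operate (not real servers).
SAMPLE_INVENTORY = {
    "mx1.example.net": "220 mx1.example.net ESMTP Exim 4.89 Tue, 06 Mar 2018 10:00:00 +0000",
    "mx2.example.net": "220 mx2.example.net ESMTP Exim 4.90_1 Ubuntu Tue, 06 Mar 2018 10:00:01 +0000",
    "mx3.example.net": "Exim version 4.90.1 #1 built 10-Feb-2018 12:00:00",
    "mx4.example.net": "220 mx4.example.net ESMTP ready",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

A distribution package can carry a backported fix under an older version string, so treat an "upgrade" result as a prompt to check the package changelog for CVE-2018-6789 rather than as proof the host is unpatched.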