CVE-2019-10149: Critical Flaw in Exim Mail Transfer Agent


CVE-2019-10149 is a critical security vulnerability in the Exim mail transfer agent (MTA) software. The flaw affects Exim versions 4.87 through 4.91 inclusive, and is described as improper validation of the recipient address in the deliver_message() function in /src/deliver.c, which could lead to remote command execution.




How was CVE-2019-10149 discovered?

Qualys researchers came across the remote command execution vulnerability while performing a code review of the latest changes in the Exim mail server. In this case, the RCE vulnerability may allow an attacker to execute arbitrary commands with execv(), as root. It should be noted that no memory corruption or ROP (Return-Oriented Programming) is involved.

According to the researchers’ report, CVE-2019-10149 is exploitable instantly by a local attacker. However, it can also be exploited by a remote attacker in specific non-default configurations.

A remote attack in the default configuration would require the attacker to keep a connection to the vulnerable server open for 7 days, transmitting one byte every few minutes. However, because of the extreme complexity of Exim’s code, the researchers cannot guarantee that this is the only attack scenario; more efficient methods may exist.


Last year, another serious vulnerability was discovered in Exim. Identified as CVE-2018-6789, it resided in all releases of the Exim message transfer agent other than version 4.90.1 (more specifically, in the base64 decode function).

The flaw was a buffer overflow that put servers at risk of attacks that could execute malicious code. The bug could be exploited by sending specially crafted input to a server running Exim. 400,000 servers were at risk.

As for CVE-2019-10149, Shodan numbers reveal that vulnerable versions of Exim are currently running on more than 4,800,000 machines. The good news is that CVE-2019-10149 was patched by Exim in version 4.92 of the software on February 10.
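For administrators auditing their own mail hosts, the version range given above (4.87 through 4.91 affected, 4.92 fixed) can be turned into a quick inventory triage. The following is an added example, not code from the article, Qualys or the Exim project; the host names and banner lines are constructed, and a version match is only a prompt for review because distribution packages may carry a backported fix.

```python
import re

# Range stated in the article: 4.87 through 4.91 inclusive, fixed in 4.92.
FIRST_AFFECTED = (4, 87)
FIXED_IN = (4, 92)

# Accepts "Exim 4.89" (SMTP banner) and "Exim version 4.90_1" (exim -bV),
# with an optional patch component separated by "." or "_".
_VERSION_RE = re.compile(r"\bExim(?:\s+version)?\s+(\d+)\.(\d+)(?:[._](\d+))?", re.I)


def parse_exim_version(text):
    """Return (major, minor, patch) found in a banner or -bV line, else None."""
    m = _VERSION_RE.search(text)
    if m is None:
        return None
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def classify(text):
    """Return 'affected', 'not-affected' or 'unknown' for one line of text."""
    version = parse_exim_version(text)
    if version is None:
        return "unknown"  # no Exim version visible: banner hidden or other MTA
    in_range = FIRST_AFFECTED <= version[:2] < FIXED_IN
    return "affected" if in_range else "not-affected"


def triage(inventory):
    """Map each host to its status; 'affected' means review, not proof,
    because distribution packages may carry a backported fix."""
    return {host: classify(line) for host, line in inventory.items()}


# Constructed sample inventory (hypothetical hosts and banner lines).
SAMPLE = {
    "mx1.example.test": "220 mx1.example.test ESMTP Exim 4.89 Tue, 11 Jun 2019 10:00:00 +0000",
    "mx2.example.test": "Exim version 4.92 #3 built 12-Feb-2019 09:00:00",
    "mx3.example.test": "Exim version 4.90_1 #1 built 20-Feb-2018 08:00:00",
    "mx4.example.test": "220 mx4.example.test ESMTP Postfix",
    "mx5.example.test": "220 mx5.example.test ESMTP Exim 4.86 Mon, 10 Jun 2019 09:00:00 +0000",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host}: {status}")
```

Hosts reported as `unknown` still need a direct package check, since a hidden or customized banner says nothing about the installed version.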


Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles!
