CVE-2019-16928: Exim Remote Code Execution Vulnerability Alert

Recently, Exim, the mail transfer agent widely used on Linux, was found to have a remote code execution vulnerability. CVE-2019-16928 is described as "a heap-based buffer overflow in string_vformat (string.c). The currently known exploit uses an extraordinarily long EHLO string to crash the Exim process that is receiving the message. While at this mode of operation Exim already dropped its privileges, other paths to reach the vulnerable code may exist."

CVE-2019-10149

Exim is a mail transfer agent (MTA) used on Unix-like operating systems. Exim is free software distributed under the terms of the GNU General Public License, and it aims to be a general and flexible mailer with extensive facilities for checking incoming e-mail.

Exim has been ported to most Unix-like systems, as well as to Microsoft Windows using the Cygwin emulation layer. Exim 4 is currently the default MTA on Debian GNU/Linux systems.

A large number of Exim installations exist, especially within Internet service providers and universities in the UK. Exim is also widely used with the GNU Mailman mailing list manager, and cPanel.

Affected versions

  • Exim < 4.92.3

Unaffected version

  • Exim 4.92.3

Solution

We recommend that users upgrade to version 4.92.3 immediately.
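As an added example (not part of this alert), the following script checks whether a local Exim build falls in the affected range, i.e. earlier than 4.92.3. The `exim -bV` banner format it parses and the sample banners used for testing are assumptions, not taken from the alert.

```python
"""Report whether an Exim build is older than the CVE-2019-16928 fix release (4.92.3)."""
import re
import subprocess
from typing import Optional, Tuple

FIXED_VERSION = "4.92.3"  # first release named as unaffected in the alert

# Assumed banner shape: "Exim version 4.92.3 #3 built 04-Oct-2019"; an optional
# "-RC<n>" / "_RC<n>" suffix marks a release candidate.
VERSION_RE = re.compile(r"Exim version (\d+(?:\.\d+)+)(?:[-_]RC(\d+))?", re.IGNORECASE)

FINAL_RELEASE = 10**6  # sentinel so that a final release sorts after its RCs


def parse_version(banner: str) -> Optional[Tuple[Tuple[int, ...], int]]:
    """Extract (numeric components, rc number) from an `exim -bV` banner."""
    m = VERSION_RE.search(banner)
    if not m:
        return None
    nums = tuple(int(x) for x in m.group(1).split("."))
    rc = int(m.group(2)) if m.group(2) else FINAL_RELEASE
    return nums, rc


def version_key(parsed: Tuple[Tuple[int, ...], int]) -> Tuple[Tuple[int, ...], int]:
    """Pad to at least three components so that 4.92 compares as 4.92.0 (< 4.92.3)."""
    nums, rc = parsed
    return nums + (0,) * max(0, 3 - len(nums)), rc


def is_affected(banner: str) -> Optional[bool]:
    """True if the build predates 4.92.3, False if not, None if the banner is unparseable.
    A release candidate of the fix version is treated as affected (conservative choice)."""
    parsed = parse_version(banner)
    if parsed is None:
        return None
    fixed = parse_version("Exim version " + FIXED_VERSION)
    return version_key(parsed) < version_key(fixed)


def check_local_exim() -> Optional[bool]:
    """Run `exim -bV` on this host and classify the result."""
    try:
        proc = subprocess.run(["exim", "-bV"], capture_output=True, text=True, timeout=10)
    except (FileNotFoundError, subprocess.TimeoutExpired):
        return None
    return is_affected(proc.stdout)


if __name__ == "__main__":
    print({True: "AFFECTED: upgrade to 4.92.3", False: "not affected", None: "exim not found"}[check_local_exim()])
```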