The flaw is a
“There is a heap-based buffer overflow in string_vformat (stringc). The currently known exploit uses extraordinary long EHLO string to crash the Exim process that is receiving the message. While this mode of operation Exim already dropped its privileges, other paths to reach the vulnerable code may exist.” reads the security advisory published by the maintainers.
The CVE-2019-16928 flaw was reported by Jeremy Harris of Exim Development Team, it affects all versions of the Exim email server software from 4.92 up to and the version 4.92.2. The expert also released a PoC exploit for this vulnerability.
Early September, the Exim development team has addressed another vulnerability in the popular
The vulnerability is a heap overflow that affects version 4.92.1 and prior of Exim mail server that accepts TLS connections. The vulnerability affects both GnuTLS and OpenSSL.
In mid-June, researchers observed several threat actors exploiting another flaw in the popular software, tracked as CVE-2019-10149, that resides in the deliver_message() function in /src/deliver.c and it is caused by the improper validation of recipient addresses. The issue could lead to remote code execution with root privileges on the mail server. The CVE-2019-10149 flaw was addressed the Exim’s development team with the release of version 4.92 in February.
The flaw is easily exploitable by a local and a remote attacker in certain non-default configurations, experts believe that threat actors will start using it in attacks in the wild.
Exim also patched a severe remote command execution vulnerability (CVE-2019-10149) in its email software that was actively exploited in the wild by various groups of hackers to compromise vulnerable servers.
(SecurityAffairs – Mail Server, hacking)