Critical New Exim Vulnerability Exposes Email Servers to Remote Attacks — Patch Available

Urgent Security Update Released for Exim Email Server Due to Critical Vulnerability

A significant security flaw has been identified and swiftly addressed in the widely utilized open-source Exim email server software, which could enable remote attackers to disrupt services or execute harmful code on targeted servers. This vulnerability, classified as CVE-2019-16928, poses serious risks, as it allows a malicious actor to inflict a denial of service (DoS) or potentially run arbitrary code through a specially crafted command.

On October 23, Exim maintainers announced an urgent security update, releasing version 4.92.3 shortly after issuing a preliminary alert. The vulnerability impacts all Exim versions starting from 4.92 up to and including the then-current release of 4.92.2. This follows a similar incident earlier in the month, where a critical vulnerability (CVE-2019-15846) was patched, which had previously allowed unauthorized remote access to systems.

Exim is an essential mail transfer agent (MTA) deployed across Unix-like operating systems, accounting for nearly 60% of the internet’s email servers. Its primary functions involve routing, delivering, and receiving emails, which underscores the importance of maintaining its security.

Discovered by Jeremy Harris of the Exim Development Team, the heap-based buffer overflow vulnerability exists in the code that handles the EHLO command. Specifically, an excessively long EHLO string triggers the bug and crashes the Exim process. Other exploitation paths, not yet documented, could allow attackers to run code with the privileges of the targeted user.

The advisory from Exim indicates that while the known proof-of-concept (PoC) exploit currently only causes crashes, other methods could be developed to leverage this vulnerability for more damaging effects. As stated by the Exim developers, “The currently known exploit uses an extraordinarily long EHLO string to crash the Exim process that is receiving the message.” They also note that, at the point in the SMTP session where this crash occurs, Exim has already dropped its privileges, but other paths to the vulnerable code may exist.

Earlier this year, another critical remote command execution vulnerability (CVE-2019-10149) was patched, which had been actively exploited in the wild, serving as a stark reminder of the challenges in maintaining secure systems.

System administrators are strongly urged to upgrade to Exim version 4.92.3 immediately, as there are no temporary mitigations available for this vulnerability. For those unable to update, the Exim team encourages them to consult their package maintainer for assistance in obtaining a version with a backported fix.
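As an added example (not code from the article or from the Exim project), here are the two checks an administrator would want after reading this report: a version test against the affected range the article states (4.92 up to and including 4.92.2, fixed in 4.92.3) parsed from `exim -bV` output, and a detector that flags EHLO/HELO lines in a captured SMTP session whose argument exceeds the RFC 5321 command-line limit. The function names, the alert threshold, the sample `exim -bV` line and the sample session are constructed for this example.

```python
import re

# Affected range stated in the article: 4.92 up to and including 4.92.2; fixed in 4.92.3.
FIRST_AFFECTED = (4, 92, 0)
FIXED = (4, 92, 3)

# RFC 5321 section 4.5.3.1.4: an SMTP command line is at most 512 octets
# including CRLF. Treating anything above that as anomalous is an assumption
# for this example, not an Exim-specific limit.
EHLO_ALERT_LENGTH = 512


def parse_exim_version(bv_output):
    """Extract (major, minor, patch) from the first line of `exim -bV` output."""
    m = re.search(r"Exim version (\d+)\.(\d+)(?:\.(\d+))?", bv_output)
    if not m:
        raise ValueError("no Exim version string found")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def is_vulnerable_to_cve_2019_16928(bv_output):
    """True when the reported version lies in [4.92, 4.92.3)."""
    return FIRST_AFFECTED <= parse_exim_version(bv_output) < FIXED


def flag_long_ehlo(session_lines):
    """Return (line_no, command, arg_len) for EHLO/HELO lines over the threshold."""
    hits = []
    for n, line in enumerate(session_lines, 1):
        parts = line.rstrip("\r\n").split(" ", 1)
        cmd = parts[0].upper()
        if cmd in ("EHLO", "HELO"):
            arg_len = len(parts[1]) if len(parts) > 1 else 0
            if arg_len > EHLO_ALERT_LENGTH:
                hits.append((n, cmd, arg_len))
    return hits


# Constructed sample inputs (not real captures).
SAMPLE_BV = "Exim version 4.92.2 #3 built 12-Sep-2019 10:00:00\n"
SAMPLE_SESSION = [
    "EHLO mail.example.test\r\n",
    "MAIL FROM:<a@example.test>\r\n",
    "EHLO " + "A" * 4096 + "\r\n",
]

if __name__ == "__main__":
    print("vulnerable:", is_vulnerable_to_cve_2019_16928(SAMPLE_BV))
    print("long EHLO lines:", flag_long_ehlo(SAMPLE_SESSION))
```

The session check is a heuristic for log review or an SMTP proxy, not a substitute for upgrading to 4.92.3.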

This vulnerability highlights the need for vigilance in email server security and the importance of timely updates. Distributions and operating systems that have shipped the update include Ubuntu, Arch Linux, FreeBSD, Debian, and Fedora.

As businesses continue to navigate the complexities of cybersecurity, awareness of such vulnerabilities in widely used software is essential for protecting sensitive information and maintaining operational integrity. By employing frameworks such as the MITRE ATT&CK matrix, organizations can better understand the potential tactics and techniques involved in these types of vulnerabilities, effectively enhancing their defenses against cyber threats.
