RCE & DoS Vulnerability on Exim Email Server (CVE-2019-16928)

A critical security vulnerability was discovered in the popular open-source e-mail server Exim. It allows a remote attacker to perform a DoS (Denial of Service) attack and RCE (Remote Code Execution), and has been assigned the identifier CVE-2019-16928.

The discovered vulnerability can be exploited in all versions below version 4.92.2.

The vulnerability is caused by a heap-based buffer overflow in string_vformat in the file string.c, which is used by the EHLO command handler. EHLO is the first command exchanged between an SMTP client and the server. When the Exim server processes an EHLO command, the data written into the heap-allocated buffer is not bounded, so the buffer overflows and an attacker can place arbitrary content in the process's memory.

We recommend that you update to Exim 4.92.3 as soon as possible, since there is no known workaround for this issue.
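A quick way to check whether a host still needs the update is to read the version Exim reports and compare it with the fixed release named above. The script below is an added example, not code from the article or from the Exim project; it assumes that `exim -bV` prints a first line of the form `Exim version 4.92.2 #3 built ...` and that the SMTP greeting contains `ESMTP Exim 4.92.2` (both formats are assumptions, and the sample strings in the block are constructed for illustration).

```python
import re
import subprocess
from typing import Optional, Tuple

# Fixed release named in the advisory: anything older is flagged for update.
FIXED_VERSION = (4, 92, 3)

# Matches both "Exim version 4.92.2" (exim -bV output) and "Exim 4.92.2"
# (as seen in an SMTP 220 greeting). Format is assumed, see lead-in.
_VERSION_RE = re.compile(r"Exim(?: version)? (\d+(?:\.\d+)+)")

# Constructed sample inputs (not real captured output).
SAMPLE_BV_OUTPUT = "Exim version 4.92.2 #3 built 02-Sep-2019 12:00:00\nCopyright (c) University of Cambridge"
SAMPLE_BANNER = "220 mail.example.test ESMTP Exim 4.93 Mon, 01 Jan 2020 00:00:00 +0000"


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Extract the numeric Exim version as a 3-tuple, or None if absent.

    Releases such as "4.92" carry no patch number; pad with 0 so that
    4.92 < 4.92.2 < 4.92.3 compares correctly as tuples.
    """
    match = _VERSION_RE.search(text)
    if not match:
        return None
    parts = [int(p) for p in match.group(1).split(".")]
    while len(parts) < 3:
        parts.append(0)
    return (parts[0], parts[1], parts[2])


def needs_update(version: Tuple[int, int, int]) -> bool:
    """True when the version predates the fixed release 4.92.3."""
    return version < FIXED_VERSION


def assess(text: str) -> Optional[bool]:
    """Combine parsing and comparison; None means no version could be read."""
    version = parse_version(text)
    return None if version is None else needs_update(version)


def check_local_exim(exim_path: str = "exim") -> Optional[bool]:
    """Run `exim -bV` on this host and assess the reported version.

    Returns None if the binary is missing, times out, or prints no version.
    """
    try:
        result = subprocess.run(
            [exim_path, "-bV"], capture_output=True, text=True, timeout=10
        )
    except (OSError, subprocess.TimeoutExpired):
        return None
    return assess(result.stdout)


if __name__ == "__main__":
    for label, sample in (("exim -bV", SAMPLE_BV_OUTPUT), ("banner", SAMPLE_BANNER)):
        verdict = assess(sample)
        print(f"{label}: version={parse_version(sample)} needs_update={verdict}")
    local = check_local_exim()
    print("local exim:", "not found / unreadable" if local is None else f"needs_update={local}")
```

Run it on the mail host itself to use the `exim -bV` path, or feed a captured greeting string to `assess()` from an inventory script; a `None` result means the version could not be read and should be investigated by hand rather than treated as safe.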

