[SingCERT] Critical Vulnerability CVE-2019-16928 in Exim Mail Server

Published on Tuesday, 01 October 2019 17:38

Background

A critical vulnerability (CVE-2019-16928) was discovered in the Exim mail server, which is an open-source message transfer agent on Internet-facing Unix operating systems (OS).

The flaw exists in the way Exim handles text formatting, causing the program to crash when it processes text that is too long. It allows a local or remote attacker to cause a Denial of Service (DoS) condition on the Exim mail server by sending an Extended HELO (EHLO) string that is too long. EHLO is the SMTP command that opens a mail session, and so commences the process of sending an email.

Affected Products

All Exim versions from 4.92 up to (and including) 4.92.2 are vulnerable.

Impact

Successful exploitation could allow a remote attacker to crash or potentially execute malicious code on targeted email servers.

Recommendations

System administrators managing the Exim Internet mailer are advised to update to version 4.92.3 immediately.
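As an added illustration (not part of the SingCERT advisory or of Exim's own tooling), the following check classifies a host from the output of `exim -bV` against the affected range stated above; the sample output strings are constructed for the example.

```python
import re
from typing import Optional, Tuple

# Range taken from the advisory: 4.92 up to and including 4.92.2 are
# affected; 4.92.3 carries the fix.
FIRST_AFFECTED = (4, 92, 0)
FIXED_IN = (4, 92, 3)

# `exim -bV` prints a first line such as "Exim version 4.92.2 #3 built ...".
_VERSION_RE = re.compile(r"Exim version (\d+)\.(\d+)(?:\.(\d+))?")


def parse_exim_version(bv_output: str) -> Optional[Tuple[int, int, int]]:
    """Extract (major, minor, patch) from `exim -bV` output.

    A release without a patch component (e.g. "4.92") is treated as patch 0.
    Returns None when no version line is present.
    """
    match = _VERSION_RE.search(bv_output)
    if not match:
        return None
    major, minor, patch = match.groups()
    return (int(major), int(minor), int(patch or 0))


def is_affected(version: Tuple[int, int, int]) -> bool:
    """True when the version lies inside the advisory's affected range."""
    return FIRST_AFFECTED <= version < FIXED_IN


def assess(bv_output: str) -> str:
    """Return a one-line verdict for a host's `exim -bV` output."""
    version = parse_exim_version(bv_output)
    if version is None:
        return "unknown: no Exim version line found"
    label = ".".join(str(n) for n in version)
    if is_affected(version):
        return f"AFFECTED: Exim {label} is within 4.92-4.92.2; update to 4.92.3"
    return f"not affected: Exim {label}"


# Constructed sample outputs (not captured from a real host).
SAMPLE_VULNERABLE = "Exim version 4.92.2 #3 built 01-Sep-2019 10:00:00\n"
SAMPLE_FIXED = "Exim version 4.92.3 #1 built 28-Sep-2019 09:00:00\n"

if __name__ == "__main__":
    for sample in (SAMPLE_VULNERABLE, SAMPLE_FIXED):
        print(assess(sample))
```

Treat the verdict as a first pass only: distribution packages sometimes backport the fix without changing the upstream version string, so confirm against the distribution's own changelog before closing a finding.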

References

https://www.bleepingcomputer.com/news/security/new-exim-vulnerability-exposes-servers-to-dos-attacks-rce-risks/
https://exim.org/static/doc/security/CVE-2019-16928.txt