Another potential RCE in Exim! Let's update, folks!

Jeremy Harris, from Exim Development Team, has discovered a heap-based buffer overflow issue in all versions of Exim servers up to and including 4.92.1.

The vulnerability (CVE-2019-16928) could allow remote attackers to cause a denial of service or execute arbitrary code on a targeted Exim mail server, with the rights of the targeted user, using a specially crafted line in the EHLO command. The public PoC exploit for this vulnerability currently only crashes the Exim process by sending a long string in the EHLO command, though other commands could also potentially be used to execute arbitrary code.

Is there a patch?

Yep! Exim maintainers released an urgent security update after publishing an early warning, giving system administrators a heads-up on the upcoming security patch:

Fix
===

Download and build the fixed version 4.92.3

    Tarballs: https://ftp.exim.org/pub/exim/exim4/
    Git:      https://github.com/Exim/exim.git
              - tag    exim-4.92.3
              - branch exim-4.92.3+fixes

The tagged commit is the officially released version. The +fixes branch
isn't officially maintained, but contains the security fix *and* useful
fixes.

If you can't install the above versions, ask your package maintainer for
a version containing the backported fix. On request and depending on our
resources we will support you in backporting the fix.
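To turn the advisory's version boundaries into a quick fleet check, here is an added example (not part of the original post or of the Exim project) that parses the first line of `exim -bV` output and classifies the installed version. The boundaries are the ones the post states: affected up to and including 4.92.1, fixed in 4.92.3; anything in between is reported as "unpatched" rather than guessed at. The `exim -bV` output lines in the block are constructed samples, and the `check_local_exim` helper assumes the binary is on the path given.

```python
"""Classify an Exim version against the CVE-2019-16928 advisory.

Added example, not code from the original post or from the Exim project.
Version boundaries come from the post: affected up to and including 4.92.1,
fixed release 4.92.3. Sample `exim -bV` lines below are constructed.
"""
import re
import subprocess
from typing import Optional, Tuple

FIXED_VERSION = (4, 92, 3)          # fixed release named in the advisory
LAST_AFFECTED_VERSION = (4, 92, 1)  # "up to and including 4.92.1"

# First line of `exim -bV` looks like "Exim version 4.92.1 #3 built ...";
# the patch component may be absent (e.g. "Exim version 4.92 #3 ...").
_VERSION_RE = re.compile(r"Exim version (\d+)\.(\d+)(?:\.(\d+))?")


def parse_exim_version(bv_output: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, patch) parsed from `exim -bV` text, or None.

    A missing patch component is treated as 0 so tuples compare cleanly.
    """
    m = _VERSION_RE.search(bv_output)
    if not m:
        return None
    major, minor, patch = m.group(1), m.group(2), m.group(3)
    return (int(major), int(minor), int(patch) if patch else 0)


def classify(version: Tuple[int, int, int]) -> str:
    """Map a version tuple to 'fixed', 'affected' or 'unpatched'.

    'unpatched' covers versions above the stated affected range but below
    the fixed release; the post does not say they are safe, so they are
    flagged for update without asserting the overflow is present.
    """
    if version >= FIXED_VERSION:
        return "fixed"
    if version <= LAST_AFFECTED_VERSION:
        return "affected"
    return "unpatched"


def check_local_exim(exim_path: str = "exim") -> str:
    """Run the real binary (path is an assumption) and classify its version.

    Returns 'unknown' when the binary cannot be executed or its output
    does not carry a recognisable version line.
    """
    try:
        proc = subprocess.run(
            [exim_path, "-bV"], capture_output=True, text=True, timeout=10
        )
    except (OSError, subprocess.TimeoutExpired):
        return "unknown"
    version = parse_exim_version(proc.stdout)
    return classify(version) if version else "unknown"


if __name__ == "__main__":
    # Constructed sample lines in the shape of the first line of `exim -bV`.
    samples = [
        "Exim version 4.91 #2 built 01-Jan-2019 10:00:00",
        "Exim version 4.92.1 #3 built 01-Sep-2019 12:00:00",
        "Exim version 4.92.2 #1 built 06-Sep-2019 09:00:00",
        "Exim version 4.92.3 #1 built 28-Sep-2019 08:00:00",
    ]
    for line in samples:
        v = parse_exim_version(line)
        print(f"{v}: {classify(v) if v else 'unknown'}")
    # Against a real host: print(check_local_exim("/usr/sbin/exim4"))
```

Run it with no arguments to see the classification of the constructed samples; point `check_local_exim` at your distribution's binary path (for example `/usr/sbin/exim4` on Debian-style packaging) to check a live host. Distribution packages that backport the fix without bumping the version, as the advisory invites, will still read as "affected" here, so treat the result as a prompt to confirm with your package maintainer rather than as a final verdict.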


References