Taiwanese researchers recently discovered a critical bug in a widely used (but low-profile) email software called Exim. If exploited, the vulnerability would allow attackers to execute malicious code remotely. The security report says that at least 400,000 servers are at risk.
This is a particularly widespread issue, especially in light of the fact that 56 percent of mail servers visible on the internet run Exim, according to a March 2017 survey. Exim is a mail transfer agent, a type of software that transfers messages from sender to recipient, essentially functioning as a relay.
The developers of Exim already have a fix for this flaw as part of the software’s version 4.90.1, which was released on Feb. 8 (three days after the vulnerability was reported). They are encouraging users to install the patch immediately, saying that all previous versions are now obsolete. Given the number of servers that are affected, though, it could be weeks or even months before all vulnerable servers are updated.
Details of the Exim vulnerability
The researchers have classified the issue as a “pre-authentication remote code execution” vulnerability and identified it as CVE-2018-6789. It is a one-byte buffer overflow that resides in the base64 decode function. By sending manipulated input to a vulnerable Exim server, an attacker may be able to execute code remotely.
The vulnerability affects all Exim versions released prior to the most recent one. The researchers detail an exploit in their report on the subject and note that base64 decoding is “such a fundamental function, and therefore this bug can be triggered easily.”
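As an added illustration (not code from this article or from the Exim project), the C below shows the off-by-one pattern behind a one-byte base64 decoding overflow of this kind, together with the length check that prevents it. The vulnerable allocation formula is modelled on the public analysis of CVE-2018-6789; the safe bound and the decoder itself are assumptions written for this example, not Exim's own code.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Bytes a padding-optional base64 decoder emits for n characters: 3 per full
 * group of 4; a trailing group of 2 or 3 gives 1 or 2; a group of 1 is malformed. */
size_t b64_decoded_len(size_t n)
{
    size_t rem = n % 4;
    if (rem == 1) return (size_t)-1;
    return 3 * (n / 4) + (rem ? rem - 1 : 0);
}

/* Allocation the vulnerable decoder used, modelled on the public analysis of
 * CVE-2018-6789: for n = 4k+3 it holds 3k+1 bytes but 3k+2 are written. */
size_t vulnerable_alloc_len(size_t n) { return 3 * (n / 4) + 1; }

/* A bound that always covers the output plus one terminator byte
 * (assumption: a safe bound chosen here, not necessarily the upstream patch). */
size_t safe_alloc_len(size_t n) { return 3 * ((n + 3) / 4) + 1; }

/* Bytes by which decoding n characters would overrun an alloc-byte buffer. */
size_t overrun_bytes(size_t n, size_t alloc)
{
    size_t need = b64_decoded_len(n);
    if (need == (size_t)-1) return 0;         /* rejected, nothing written */
    return need > alloc ? need - alloc : 0;
}

/* Bounds-checked decode: returns the decoded length, or -1 when the input is
 * malformed or its output would not fit in cap bytes (the missing check). */
int b64_decode_checked(const char *in, unsigned char *out, size_t cap)
{
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    size_t n = strlen(in), i, o = 0, need;
    uint32_t acc = 0; int bits = 0;
    while (n && in[n - 1] == '=') n--;        /* padding is optional */
    need = b64_decoded_len(n);
    if (need == (size_t)-1 || need > cap) return -1;
    for (i = 0; i < n; i++) {
        const char *p = strchr(tbl, in[i]);
        if (!p) return -1;                     /* not a base64 character */
        acc = (acc << 6) | (uint32_t)(p - tbl);
        bits += 6;
        if (bits >= 8) { bits -= 8; out[o++] = (acc >> bits) & 0xff; }
    }
    return (int)o;
}
```

The constructed input "QUJDREU" (7 characters, decoding to "ABCDE") is the length class that overruns the vulnerable allocation by exactly one byte; the checked decoder refuses it unless the caller's buffer is large enough.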
The developers of Exim acknowledged the vulnerability in their recent security update. “Currently we’re unsure about the severity,” they said, adding that they believe “an exploit is difficult” but that a “mitigation isn’t known.”
The best that can be done by organizations running Exim is to immediately update to the latest version of the software. The importance of patching cannot be overstated — many critical bugs are reported and fixed early on, with patches quickly made available. Enterprises should therefore introduce efficient and comprehensive patching policies into their security routines.