A security researcher has discovered and publicly disclosed two critical vulnerabilities in the popular Internet mail transfer agent Exim, one of which could allow a remote attacker to execute malicious code on the targeted server.
Exim is an open source mail transfer agent (MTA) developed for Unix-like operating systems such as Linux, Mac OSX or Solaris, which is responsible for routing, delivering and receiving email messages.
The first vulnerability, identified as CVE-2017-16943, is a use-after-free bug which could be exploited to remotely execute arbitrary code in the SMTP server by crafting a sequence of BDAT commands.
"To trigger this bug, BDAT command is necessary to perform an allocation by raising an error," the researcher said. "Through our research, we confirm that this vulnerability can be exploited to remote code execution if the binary is not compiled with PIE."
The researcher (mehqq_) has also published proof-of-concept (PoC) exploit code written in Python that could allow anyone to gain code execution on vulnerable Exim servers.
The second vulnerability, identified as CVE-2017-16944, is a denial of service (DoS) flaw that could allow a remote attacker to hang Exim servers, even when the connection is closed, by forcing them to run in an infinite loop without crashing.
The flaw exists due to improper checking for a '.' character to signify the end of an email when parsing the BDAT data header.
"The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service (infinite loop and stack exhaustion) via vectors involving BDAT commands and an improper check for a '.' character signifying the end of the content, related to the bdat_getc function," the vulnerability description reads.
The researcher has also included a proof-of-concept (PoC) exploit for this vulnerability, which makes the Exim server run out of stack and crash.
Both vulnerabilities reside in Exim versions 4.88 and 4.89, and sysadmins are recommended to update their mail transfer agent to Exim version 4.90, released on GitHub.
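For administrators triaging their own mail hosts, the following added example (not from the original article or the Exim project) classifies a server from its captured SMTP greeting and EHLO reply. It relies on the fact that BDAT is the command of the SMTP CHUNKING extension (RFC 3030); the function names and the sample transcript are constructed for illustration.

```python
import re

# Versions the article names as affected by CVE-2017-16943 / CVE-2017-16944.
AFFECTED = {(4, 88), (4, 89)}

# Constructed sample transcript (documentation-range names and addresses).
BANNER_SAMPLE = "220 mail.example.test ESMTP Exim 4.89 Tue, 28 Nov 2017 10:00:00 +0000"
EHLO_SAMPLE = ("250-mail.example.test Hello scanner.example.test [192.0.2.10]\n"
               "250-SIZE 52428800\n250-8BITMIME\n250-PIPELINING\n"
               "250-CHUNKING\n250 HELP")

def exim_version(banner):
    """Return (major, minor) from a 220 greeting, or None.

    Builds with a further patch level (for example 4.89.x) are deliberately
    not matched, because the article only speaks about plain 4.88 and 4.89.
    """
    m = re.search(r"\bExim (\d+)\.(\d+)(?![.\d])", banner)
    return (int(m.group(1)), int(m.group(2))) if m else None

def ehlo_extensions(reply):
    """Parse a multiline 250 EHLO reply into a set of extension keywords."""
    exts = set()
    for line in reply.splitlines()[1:]:      # first line is the host greeting
        m = re.match(r"250[- ](\S+)", line.strip())
        if m:
            exts.add(m.group(1).upper())
    return exts

def assess(banner, ehlo_reply):
    """Classify BDAT exposure; the banner is a hint, not proof of patch state."""
    version = exim_version(banner)
    chunking = "CHUNKING" in ehlo_extensions(ehlo_reply)
    if version is None:
        return "unknown: no plain Exim version in banner, run exim -bV on the host"
    if version not in AFFECTED:
        return "not-affected: banner version is outside 4.88/4.89"
    if chunking:
        return "exposed: affected version offers CHUNKING (BDAT), update to 4.90"
    return "affected: BDAT not offered to this client, still update to 4.90"

if __name__ == "__main__":
    print(assess(BANNER_SAMPLE, EHLO_SAMPLE))
```

Distribution packages may carry a fix without changing the version shown in the banner, so treat an "exposed" result as a prompt to check the installed package, not as confirmation.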