Exim Vulnerabilities May Affect Over 400,000 Email Servers

Two vulnerabilities were recently discovered in versions 4.88 and 4.89 of Exim, a mail transfer agent (MTA) used by over half of all the internet’s email servers to relay emails from senders to recipients. The first and more serious bug is a use-after-free vulnerability, CVE-2017-16943, that leads to remote code execution. The vulnerability affects the “chunking” feature, which allows an email to be sent in multiple chunks. Exim mishandles BDAT commands, permitting a remote threat actor to execute malicious code on the affected server. The second bug is a denial-of-service (DoS) vulnerability, CVE-2017-16944, that crashes Exim servers and is exploitable via the same “chunking” feature and BDAT command. According to the internet-of-things search engine Shodan, there are over 400,000 Exim servers with the “chunking” feature enabled that are therefore impacted by the above vulnerabilities. The NJCCIC recommends administrators of Exim servers with “chunking” enabled review the Exim security alert, immediately apply the workaround provided, and update to version 4.90 when it is released.
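To confirm that the workaround took effect on a server you administer (the Exim alert's workaround leaves chunking_advertise_hosts empty so that CHUNKING is no longer offered), the following added check, which is not part of the advisory, sends EHLO and reports whether the server still advertises CHUNKING; the host name and EHLO replies in it are constructed examples.

```python
"""Report whether an SMTP server advertises CHUNKING (BDAT support).

An Exim 4.88/4.89 host that lists CHUNKING in its EHLO reply is in the
exposed population counted above; after applying the Exim workaround
(chunking_advertise_hosts = , i.e. empty, in the main config) the keyword
should disappear from the reply.
"""
import smtplib

# Constructed EHLO reply bodies, in the shape smtplib.SMTP.ehlo() returns:
# a greeting line followed by one extension keyword per line.
EXPOSED_EHLO = (
    "mail.example.test Hello [192.0.2.10]\n"
    "SIZE 52428800\n8BITMIME\nCHUNKING\nPIPELINING\nHELP"
)
MITIGATED_EHLO = (
    "mail.example.test Hello [192.0.2.10]\n"
    "SIZE 52428800\n8BITMIME\nPIPELINING\nHELP"
)


def parse_ehlo_extensions(ehlo_text: str) -> set:
    """Return the upper-cased extension keywords from an EHLO reply body.

    The first line is the server greeting and is skipped; each remaining
    line starts with a keyword, optionally followed by parameters (SIZE n).
    """
    extensions = set()
    for line in ehlo_text.splitlines()[1:]:
        line = line.strip()
        if line:
            extensions.add(line.split()[0].upper())
    return extensions


def chunking_advertised(ehlo_text: str) -> bool:
    """True when the reply offers CHUNKING, i.e. BDAT will be accepted."""
    return "CHUNKING" in parse_ehlo_extensions(ehlo_text)


def check_server(host: str, port: int = 25, timeout: float = 10.0) -> bool:
    """Connect to a server you operate, send EHLO, and return the verdict."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        code, body = smtp.ehlo()
        if code != 250:
            raise RuntimeError(f"EHLO rejected: {code} {body!r}")
        return chunking_advertised(body.decode("ascii", "replace"))


if __name__ == "__main__":
    for label, reply in (("exposed", EXPOSED_EHLO), ("mitigated", MITIGATED_EHLO)):
        print(f"{label}: CHUNKING advertised = {chunking_advertised(reply)}")
```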

Tags: Advisory, NJCCIC, Email, Exim