Vendor: exim
By: hackk.gr
CVSS: 9.8 (CRITICAL)
Remote Code Execution
CWE: 78
Product Name: exim
Affected Version From: exim < 4.90
Affected Version To: exim < 4.90
Patch Exists: YES
Related CVE: CVE-2018-6789
CPE: exim
Metasploit:
https://www.rapid7.com/db/vulnerabilities/exim-cve-2018-6789/
https://www.rapid7.com/db/vulnerabilities/debian-cve-2018-6789/
https://www.rapid7.com/db/vulnerabilities/alpine-linux-cve-2018-6789/
https://www.rapid7.com/db/vulnerabilities/amazon_linux-cve-2018-6789/
https://www.rapid7.com/db/vulnerabilities/suse-cve-2018-6789/
https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2018-6789/
https://www.rapid7.com/db/vulnerabilities/ubuntu-cve-2018-6789/
Other Scripts: N/A
Platforms Tested: debian exim 4.89, ubuntu exim 4.86_2
2018
exim 4.90 – Remote Code Execution
This exploit targets exim versions < 4.90. It uses a buffer overflow vulnerability to execute arbitrary code on the vulnerable system. The exploit connects to the exim server and sends an EHLO command to identify the server. It then attempts to authenticate using the AUTH PLAIN command and, if successful, sends a specially crafted command to trigger the buffer overflow, followed by a payload that executes arbitrary code on the vulnerable system.
Mitigation:
Upgrade to the latest version of exim, or apply the patch provided by the vendor.