Vulnerability in Exim Could Allow for Remote Command Execution (CVE-2019-16928)

October 1, 2019

Summary

A vulnerability has been discovered in Exim that could allow unauthenticated remote attackers to execute arbitrary system commands on the mail server. Exim is a mail transfer agent used to deploy mail servers on Unix-like systems. Successful exploitation of this vulnerability will enable the attacker to perform command execution as root in the context of the mail server. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Impact

  • The vulnerability is relatively easy to exploit; it’s probable that attackers will be searching for and exploiting vulnerable versions of this software soon. Proof of Concept code is available [1].

Vulnerable

  • Exim versions prior to 4.92.3 [2]
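
To inventory hosts against the affected range listed above, the version can be read from `exim -bV` output or from the SMTP greeting and compared with 4.92.3. The script below is an added example, not part of the original advisory; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): flag Exim versions below the fixed release.
FIXED_VERSION="4.92.3"   # from the advisory: versions prior to this are vulnerable

# Pull the dotted version out of `exim -bV` output or an SMTP greeting line.
# Prints nothing when the line does not identify Exim.
exim_version_from_line() {
    printf '%s\n' "$1" |
        sed -nE 's/.*Exim (version )?([0-9]+(\.[0-9]+)*).*/\2/p' | head -n 1
}

# Return 0 when version $1 is strictly lower than $2 (numeric, per component).
version_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$a" = "$x" ]; then a=""; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=""; else b=${b#*.}; fi
        x=${x:-0}; y=${y:-0}          # a missing component counts as 0
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1                          # versions are equal
}

# Print "vulnerable", "fixed" or "unknown" for one banner or -bV line.
classify_exim() {
    v=$(exim_version_from_line "$1")
    if [ -z "$v" ]; then
        echo unknown
    elif version_lt "$v" "$FIXED_VERSION"; then
        echo vulnerable
    else
        echo fixed
    fi
}

# Constructed sample inputs (not captured from real hosts).
for line in \
    "Exim version 4.92.2 #3 built 02-Sep-2019 10:00:00" \
    "220 mail.example.test ESMTP Exim 4.92.3 Tue, 01 Oct 2019 09:00:00 +0000" \
    "220 mail.example.test ESMTP Postfix"
do
    printf '%-10s %s\n' "$(classify_exim "$line")" "$line"
done
```

Distribution packages can carry a backported fix under an older upstream version string, so confirm a "vulnerable" result against the package changelog before acting on it.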

Recommendations

  • Apply appropriate patches provided by Exim to vulnerable systems immediately after appropriate testing.

  • Verify that no unauthorized system modifications have occurred on the system before applying the patch.

  • Apply the principle of Least Privilege to all systems and services.

  • Remind users not to open emails, download attachments, or follow links provided by unknown or untrusted sources.

References