400,000 Exim servers at risk
A bug was discovered in a widely used e-mail program that puts more than 400K servers at risk.
The flaw has been related to the Exim, a widely used message transfer agent. All of the servers running Exim and are not using the latest 4.90.1 version are at risk. Without the applied patch, servers are vulnerable to malicious code execution. An attacker may send a specially manipulated code to a server running Exim thus allowing the hacker to execute the code remotely.
The DevCore team has published an advisory regarding this buffer overflow vulnerability which has been indexed as CVE-2018-6789.
The researchers from DevCore wrote that a single byte of data from an exploit overwrites some critical data when the string fits some specific length.
“In addition, this byte is controllable, which makes exploitation more feasible. Base64 decoding is such a fundamental function, and therefore this bug can be triggered easily, causing remote code execution. Currently, we’re unsure about the severity” of the vulnerability. “We *believe* an exploit is difficult. A mitigation isn’t known.”
DevCore warned that a large number of servers are still running vulnerable versions of Exim email program even though the Exim developers have published a fix back on February 10.