Hundreds of thousands of servers running the Exim mail transfer agent (MTA) software are highly vulnerable to remote code execution attacks. The vulnerability has still not been patched.
The vulnerability in question, discovered by Trend Micro, allows for an “Out-of-bounds Write” in the SMTP service. The vulnerability, if successfully exploited, can lead to software crashes or data corruption. In addition, it allows hackers to remotely run malicious code on affected servers.
The problem is caused by poor validation of user-supplied data. This can result in a write past the end of a buffer. Hackers can exploit the vulnerability to run code in the context of the service account.
No patch yet
The vulnerability was discovered by security experts back in June 2022 and reported to Exim, the vendor of the MTA software. A request to the vendor from May this year about the progress of the patch process shows that the software developer could not provide an update.
Last month, Trend Micro therefore made the problem public, including the contact history with Exim about the problem.
Serious problem
That Exim is doing nothing to fix the vulnerability is a serious problem, given both the software's history and its importance for (mail) servers. Since 2019, the MTA software has already suffered from a bug, CVE-2019-10149, mainly abused by the Russian hackers of Sandworm.
Exim is the standard MTA software on Debian Linux distributions and the most widely used MTA software in the world. That would mean that hundreds of thousands of mail servers are currently vulnerable.
Until there is a patch, administrators should ensure that remote access to the servers is disabled.