{"id":17024,"date":"2023-09-29T20:54:06","date_gmt":"2023-09-29T20:54:06","guid":{"rendered":"https:\/\/gridinsoft.com\/blogs\/?p=17024"},"modified":"2024-05-31T00:26:43","modified_gmt":"2024-05-31T00:26:43","slug":"exim-vulnerability-rce","status":"publish","type":"post","link":"https:\/\/gridinsoft.com\/blogs\/exim-vulnerability-rce\/","title":{"rendered":"Exim Vulnerability Allows RCE, No Patches Available"},"content":{"rendered":"

Exim Internet Mailer, a program massively used as a basis for mailing servers, appears to have a remote code execution vulnerability<\/strong>. By overflowing the buffer, hackers can make the program execute whatever code they need. Despite several reports to the developer, the patch is still not available.<\/p>\n

What is Exim?<\/h2>\n

Exim is a mail transfer agent application for *NIX systems. Appeared back in 1995, it gained popularity<\/strong> as a free, open-source and flexible solution for mailing. Throughout the time, it was ported to different platforms, including even Windows. Some Linux distributions even included it as a default MTA solution. Despite its obsolescence, Exim keeps quite a share of ~59% among mailing clients<\/strong> available on the Internet.<\/p>\n

\"Exim
Main site of Exim Internet Mailer<\/figcaption><\/figure>\n

Exim Buffer Overflow Vulnerability Allows RCE<\/h2>\n

Such a popularity, along with long-missing updates<\/strong>, could not be missed by cybercriminals. A 0-day vulnerability, discovered by an anonymous reporter<\/a>, sits in a lack of input validation from the user. Hackers can reach the mailing server from a default SMTP port 25<\/strong>, and write data past the end of a buffer. This, eventually, allows them to execute any command they wish \u2013 and at the scale of a mailing server, this may have horrific consequences.<\/p>\n

It is common for RCE vulnerabilities to receive the highest CVSS ratings. CVE-2023-42115<\/a> received a rating of 9.8\/10, which puts it inline with the infamous MOVEit<\/a> and Citrix NetScaler vulnerabilities<\/a>, uncovered earlier this year. The problem is known to the developers for almost half a year, and the patch is still unreleased.<\/p>\n

How to protect against RCE Vulnerabilities?<\/h2>\n

There, I usually share information about available patches from the vendor or temporary solutions that can fix the flaw. Though not this time.<\/strong> Lack of response from the developer means any fixes for the vulnerability is only up to the Exim users. The only way to be secured against the breach is to avoid using the program, but that can be rather problematic with such a huge share<\/strong> of mailing servers running Exim.<\/p>\n

With that being said, I will still advise to use top-notched security solutions<\/strong> that feature most modern cybersecurity approaches<\/a>. This will effectively detect and mirror any cyberattack attempts before hackers will be able to reach even a shade of success.<\/p>\n

Giving crooks less chances for success though is not only about having a reliable security system. Sentinels are useless when there is an open vent in the warehouse<\/strong>. Under open vent, I mean unpatched software with known vulnerabilities<\/a> and low cybersecurity awareness among personnel. Cybercriminals know and love both of these common weak spots, and be sure \u2013 they won\u2019t hesitate to use them when needed.<\/p>\n

\"Exim<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Exim Internet Mailer, a program massively used as a basis for mailing servers, appears to have a remote code execution vulnerability. By overflowing the buffer, hackers can make the program execute whatever code they need. Despite several reports to the developer, the patch is still not available. What is Exim? Exim is a mail transfer […]<\/p>\n","protected":false},"author":7,"featured_media":17027,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","_sitemap_exclude":false,"_sitemap_priority":"","_sitemap_frequency":"","footnotes":""},"categories":[15,17],"tags":[257,529,374],"class_list":{"0":"post-17024","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-security-news","8":"category-labs","9":"tag-0-day","10":"tag-rce-vulnerability","11":"tag-vulnerability"},"featured_image_src":"https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2023\/09\/envelopes.webp","author_info":{"display_name":"Stephanie Adlam","author_link":"https:\/\/gridinsoft.com\/blogs\/author\/adlam\/"},"_links":{"self":[{"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/posts\/17024","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/comments?post=17024"}],"version-history":[{"count":1,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/posts\/17024\/revisions"}],"predecessor-version":[{"id":17026,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/posts\/17024\/revisions\/17026"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/media\/17027"}],"wp:attachment":[{"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/media?parent=17024"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/categories?post=17024"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/tags?post=17024"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}