Exim Internet Mailer is vulnerable to pre-authentication remote code execution

Advisory: CERT.be Advisory #2018-005
Version: 1.0
Impacted software: Exim Internet Mailer
Type: Remote Code Execution (RCE), Denial-of-Service (DoS)


Fixed version: Exim v4.90.1


The vulnerability, tracked as CVE-2018-6789, is categorized as a "pre-authentication remote code execution", meaning an attacker could cause the Exim email server to run malicious code without first having to authenticate on the server.
A remote attacker can take advantage of this flaw to cause a denial of service, or potentially the execution of arbitrary code via a specially crafted message.


Exim is an open source mail transfer agent (MTA) developed for Unix-like operating systems such as Linux, Mac OS X or Solaris, and is used for routing, delivering and receiving email messages.
The vulnerability is a buffer overflow in a widely used utility function for base64 decoding: a one-byte heap overflow, also known as an off-by-one. The byte is controllable and, with a specific length, overwrites critical data.


CERT.be recommends that systems administrators update Exim to version 4.90.1 (or later) as soon as possible, because this is an easily exploitable vulnerability that allows remote code execution.
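
To find hosts that still need the update recommended above, the following added example (not part of the CERT.be advisory) compares the version reported by `exim -bV` with the fixed release 4.90.1. It assumes the first output line has the form `Exim version X.YY[_Z] ...`, where Exim writes a patch level with an underscore; the function names are illustrative.

```shell
#!/bin/sh
# Added example: classify an Exim version banner against the fixed release.
FIXED_VERSION="4.90.1"   # fixed version stated in the advisory

# Pull the version out of `exim -bV` output and normalise "4.90_1" to "4.90.1".
exim_version_from_banner() {
    printf '%s\n' "$1" \
        | sed -n 's/^Exim version \([0-9][0-9._]*\).*/\1/p' \
        | head -n 1 | tr '_' '.'
}

# Succeed (exit 0) when version $1 >= version $2, comparing each dotted
# component numerically so that 4.100 sorts after 4.90.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi > yi) exit 0
            if (xi < yi) exit 1
        }
        exit 0
    }'
}

# Print "ok <ver>", "needs-update <ver>" or "unknown" for a banner line.
classify_exim() {
    ce_ver=$(exim_version_from_banner "$1")
    if [ -z "$ce_ver" ]; then
        echo "unknown"
    elif version_ge "$ce_ver" "$FIXED_VERSION"; then
        echo "ok $ce_ver"
    else
        echo "needs-update $ce_ver"
    fi
}

# On a host with Exim installed, classify the local binary.
if command -v exim >/dev/null 2>&1; then
    classify_exim "$(exim -bV 2>/dev/null | head -n 1)"
fi
```

Distribution packages can carry a backported fix under an older upstream version number, so confirm a `needs-update` result against the vendor's own advisory for the installed package.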