Remote root code execution vulnerability in Exim MTA
CVE-2019-16928
Sources
https://www.exim.org/static/doc/security/CVE-2019-16928.txt
Risks
Exploitation of this vulnerability leads to the compromise of system/data integrity, confidentiality, and/or availability. CERT.be has observed widespread exploitation of the Exim vulnerability reported in early September. CERT.be assesses with medium confidence that this vulnerability could be exploited in future campaigns.
Description
The popular open-source MTA (mail transfer agent) Exim contains a critical heap-based buffer overflow in string_vformat that an attacker can trigger, potentially leading to arbitrary code execution. Normally Exim will have dropped its root privileges by the point this vulnerability is exploitable, but when combined with local privilege escalation exploits (or other as-yet unknown code paths within Exim that trigger the buffer overflow), arbitrary code execution with root privileges would be feasible.
Recommended Actions
CERT.be advises system administrators to update Exim immediately according to the supplier's instructions.
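A check that supports the action above, added here as an example and not part of the CERT.be advisory or of Exim itself: it parses the version line printed by `exim -bV` and reports whether the build falls in the affected range, which it assumes (from the Exim security advisory) to be 4.92 up to and including 4.92.2, fixed in 4.92.3.

```sh
#!/bin/sh
# Added example (not from the CERT.be advisory or the Exim project): flag an installed
# Exim build that falls in the CVE-2019-16928 affected range. Assumed range, from the
# Exim security advisory: 4.92 up to and including 4.92.2; fixed in 4.92.3.

# Compare two dotted numeric versions; prints -1, 0 or 1 for a < b, a = b, a > b.
vercmp() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ax="${a%%.*}"; bx="${b%%.*}"
        ax="${ax:-0}"; bx="${bx:-0}"      # missing component counts as 0 (4.92 = 4.92.0)
        [ "$ax" -lt "$bx" ] && { printf '%s\n' -1; return; }
        [ "$ax" -gt "$bx" ] && { printf '%s\n' 1; return; }
        case "$a" in *.*) a="${a#*.}";; *) a="";; esac
        case "$b" in *.*) b="${b#*.}";; *) b="";; esac
    done
    printf '%s\n' 0
}

# Succeed (exit 0) when VERSION is inside the affected range, fail (exit 1) otherwise.
exim_affected_cve_2019_16928() {
    [ "$(vercmp "$1" 4.92)" -ge 0 ] && [ "$(vercmp "$1" 4.92.3)" -lt 0 ]
}

# Pull the bare version out of `exim -bV` output, whose first line looks like
# "Exim version 4.92.2 #3 built 12-Sep-2019 ..." (constructed sample; only the
# digits and dots are kept so a distribution suffix does not break the comparison).
exim_version_from_bv() {
    sed -n 's/^Exim version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Run the check against the locally installed binary.
check_local_exim() {
    bv="$(exim -bV 2>/dev/null)" || { echo "exim binary not found or not runnable"; return 2; }
    v="$(printf '%s\n' "$bv" | exim_version_from_bv)"
    if exim_affected_cve_2019_16928 "$v"; then
        echo "Exim $v is in the CVE-2019-16928 affected range: update to 4.92.3 or later"
        return 0
    fi
    echo "Exim $v is outside the affected range"
    return 1
}

# Run directly with --local to check this host; source the file to use the functions.
if [ "${1:-}" = "--local" ]; then check_local_exim; fi
```

Distribution packages often backport the fix without changing the upstream version string, so a version check alone can report a patched package as affected; confirm against the distribution's own advisory before acting on a match.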