CVE-2019-16928: Exploiting an Exim Vulnerability via EHLO Strings

In September, security researchers from the QAX-A-Team discovered CVE-2019-16928, a vulnerability in the mail transfer agent Exim. Exim accounts for over 50% of publicly reachable mail servers on the internet. What makes the bug particularly noteworthy is that threat actors could exploit it to perform denial of service (DoS) or possibly even remote code execution (RCE) attacks, making it a serious concern for Exim users running vulnerable versions of the software.

The flaw exists in the following Exim versions (earlier versions are not affected):

  • 4.92
  • 4.92.1
  • 4.92.2

In this entry, we explain how CVE-2019-16928 can be exploited: specifically, how a heap-based buffer overflow triggered in the Exim process can be used to gain control of its execution.

Source: Trend Micro