    New Critical Security Flaws Expose Exim Mail Servers to Remote Attacks

    By justmattg | September 30, 2023


    Sep 30, 2023THNEmail Security / Hacking News


    Multiple security vulnerabilities have been disclosed in the Exim mail transfer agent that, if successfully exploited, could result in information disclosure and remote code execution.

    The list of flaws, which were reported anonymously way back in June 2022, is as follows –

    • CVE-2023-42114 (CVSS score: 3.7) – Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerability
    • CVE-2023-42115 (CVSS score: 9.8) – Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability
    • CVE-2023-42116 (CVSS score: 8.1) – Exim SMTP Challenge Stack-based Buffer Overflow Remote Code Execution Vulnerability
    • CVE-2023-42117 (CVSS score: 8.1) – Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability
    • CVE-2023-42118 (CVSS score: 7.5) – Exim libspf2 Integer Underflow Remote Code Execution Vulnerability
    • CVE-2023-42119 (CVSS score: 3.1) – Exim dnsdb Out-Of-Bounds Read Information Disclosure Vulnerability

    The most severe of the vulnerabilities is CVE-2023-42115, which allows remote, unauthenticated attackers to execute arbitrary code on affected installations of Exim.


    “The specific flaw exists within the SMTP service, which listens on TCP port 25 by default,” the Zero Day Initiative said in an alert published this week.

    “The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of a buffer. An attacker can leverage this vulnerability to execute code in the context of the service account.”

    Exim maintainers, in a message shared on the Open Source Security mailing list oss-security, said fixes for CVE-2023-42114, CVE-2023-42115, and CVE-2023-42116 are “available in a protected repository and are ready to be applied by the distribution maintainers.”

    “The remaining issues are debatable or miss information we need to fix them,” the maintainers said, adding that they had asked ZDI for more specifics about the issues and “didn’t get answers we were able to work with” until May 2023. The Exim team further said they are awaiting detailed specifics on the other three shortcomings.

    However, the ZDI pushed back against claims about “sloppy handling” and “neither team pinging the other for 10 months,” stating it reached out several times to the developers.

    “After our disclosure timeline was exceeded by many months, we notified the maintainer of our intent to publicly disclose these bugs, at which time we were told, ‘you do what you do,’” it said.

    “If these bugs have been appropriately addressed, we will update our advisories with a link to the security advisory, code check-in, or other public documentation closing the issue.”

    In the absence of patches, the ZDI recommends restricting interaction with the application as the only “salient” mitigation strategy.

    This is not the first time security flaws have been uncovered in the widely used mail transfer agent. In May 2021, Qualys disclosed a set of 21 vulnerabilities collectively tracked as 21Nails that enable unauthenticated attackers to achieve complete remote code execution and gain root privileges.


    Previously, in May 2020, the U.S. government reported that hackers affiliated with Sandworm, a state-sponsored group from Russia, had been exploiting a critical Exim vulnerability (CVE-2019-10149, CVSS score: 9.8) to penetrate sensitive networks.

    The development also comes hot on the heels of a new study by researchers from the University of California San Diego that discovered a novel technique called forwarding-based spoofing, which takes advantage of weaknesses in email forwarding to send messages impersonating legitimate entities, thereby compromising integrity.

    “The original protocol used to check the authenticity of an email implicitly assumes that each organization operates its own mailing infrastructure, with specific IP addresses not used by other domains,” the research found.

    “But today, many organizations outsource their email infrastructure to Gmail and Outlook. As a result, thousands of domains have delegated the right to send email on their behalf to the same third party. While these third-party providers validate that their users only send email on behalf of domains that they operate, this protection can be bypassed by email forwarding.”
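
    The shared-delegation assumption the researchers describe can be audited from SPF records alone. The following is an added example, not code from the article or the study: a simplified evaluator that handles only the `ip4:` and `include:` mechanisms, run over constructed records for documentation domains, showing that one provider address range is an authorized sender for several unrelated domains.

```python
import ipaddress
from collections import defaultdict

# Constructed SPF records (reserved .example names, RFC 5737 address ranges).
SPF_RECORDS = {
    "provider.example": "v=spf1 ip4:198.51.100.0/24 -all",
    "bank.example": "v=spf1 include:provider.example -all",
    "shop.example": "v=spf1 include:provider.example -all",
    "selfhosted.example": "v=spf1 ip4:203.0.113.10 -all",
}

def authorized_networks(domain, records, depth=0):
    """Collect the ip4 networks a domain authorizes, following include:."""
    if depth > 10:  # guard against include loops in malformed records
        raise ValueError("include chain too deep")
    nets = []
    for term in records.get(domain, "").split()[1:]:  # skip "v=spf1"
        if term.startswith("ip4:"):
            nets.append(ipaddress.ip_network(term[4:], strict=False))
        elif term.startswith("include:"):
            nets.extend(authorized_networks(term[8:], records, depth + 1))
    return nets

def spf_pass(domain, sender_ip, records):
    """True if sender_ip falls in a network the domain's record authorizes."""
    ip = ipaddress.ip_address(sender_ip)
    return any(ip in net for net in authorized_networks(domain, records))

def shared_senders(records):
    """Networks authorized by more than one domain, with those domains."""
    owners = defaultdict(set)
    for domain in records:
        for net in authorized_networks(domain, records):
            owners[str(net)].add(domain)
    return {net: sorted(doms) for net, doms in owners.items() if len(doms) > 1}

if __name__ == "__main__":
    # The same provider address passes SPF for both tenants, so SPF alone
    # cannot tell which tenant a message really came from.
    for domain in ("bank.example", "shop.example", "selfhosted.example"):
        print(domain, spf_pass(domain, "198.51.100.7", SPF_RECORDS))
    print(shared_senders(SPF_RECORDS))
```

    Domains that show up under a shared network depend on the provider's per-tenant checks rather than on SPF itself, which is where DKIM signing and DMARC alignment carry the authentication decision.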
