Exim Mail Server Remote Code Execution Vulnerability
Original Issue Date: March 08, 2018
Severity Rating: High
- Exim versions prior to 4.90.1
A vulnerability has been reported in Exim mail server which could be exploited by an unauthenticated, remote attacker to execute arbitrary code on a targeted system.
The vulnerability exists in the base64d() function in the SMTP listener component of Exim and is due to insufficient validation of user-supplied input.
A remote attacker could exploit this vulnerability by submitting a crafted message to trigger a buffer overflow condition, which could allow the attacker to execute arbitrary code on the system.
Update to Exim version 4.90.1
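To check a host against the fixed release named above, the following added example (not part of the original advisory) classifies the first line of `exim -bV` output. The function names and the sample banners are constructed for illustration; the script assumes the version appears as "Exim version X.YY" and accepts both the dotted form and Exim's underscore form (4.90_1).

```shell
#!/bin/sh
# Added example: classify an Exim version banner against the fixed release 4.90.1.
FIXED="4.90.1"

# Pull the version out of a line such as "Exim version 4.90_1 #2 built ..."
# and normalise the underscore patch separator to a dot.
exim_version_from_banner() {
    printf '%s\n' "$1" |
        sed -n 's/^Exim version \([0-9][0-9._]*\).*/\1/p' |
        tr '_' '.' | sed 's/\.*$//' | head -n 1
}

# Print field $2 (1-3) of dotted version $1; missing fields print as empty.
field() { printf '%s..\n' "$1" | cut -d. -f"$2"; }

# Return 0 if version $1 is strictly lower than version $2.
version_lt() {
    for i in 1 2 3; do
        x=$(field "$1" "$i"); y=$(field "$2" "$i")
        x=${x:-0}; y=${y:-0}
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
    done
    return 1   # equal versions are not "lower"
}

# Print "affected <ver>", "not-affected <ver>" or "unknown" for one banner line.
classify_exim_banner() {
    v=$(exim_version_from_banner "$1")
    if [ -z "$v" ]; then
        echo "unknown"
    elif version_lt "$v" "$FIXED"; then
        echo "affected $v"
    else
        echo "not-affected $v"
    fi
}

# Constructed sample banners. On a real host use:
#   classify_exim_banner "$(exim -bV | head -n 1)"
for banner in \
    "Exim version 4.89 #2 built 12-Jan-2018 10:20:30" \
    "Exim version 4.90 #1 built 20-Dec-2017 09:00:00" \
    "Exim version 4.90_1 #3 built 10-Feb-2018 08:15:00"
do
    classify_exim_banner "$banner"
done
```

Distribution packages may carry the fix under an older upstream version number, so an "affected" result should be confirmed against the vendor's package changelog.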
The information provided herein is on an "as is" basis, without warranty of any kind.
Email: firstname.lastname@example.org Phone: +91-11-24368572
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
6, CGO Complex, Lodhi Road,
New Delhi - 110 003