CarderPlanet
Many mail servers are still vulnerable to hacker attacks.
The Exim maintainers have released fixes for three of the zero-day vulnerabilities disclosed last week through the Zero Day Initiative (ZDI) program. One of them allows remote code execution without authentication.
The most severe of them, CVE-2023-42115 (CVSS 9.8), reported by an anonymous security researcher, is an out-of-bounds write.
"The specific flaw exists within the SMTP service, which listens on TCP port 25 by default. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of a buffer," ZDI explained.
Exim 4.96.1, published yesterday, also fixes two further vulnerabilities from the same batch:
- CVE-2023-42114: information disclosure via an out-of-bounds read when handling an NTLM challenge (CVSS 8.1);
- CVE-2023-42116: remote code execution via a stack-based buffer overflow when handling an SMTP authentication challenge (CVSS 8.1).
Even with this quick turnaround, Exim cannot yet be called fully patched: only three of the six vulnerabilities disclosed last week have been fixed. The following remain unpatched:
- CVE-2023-42117: remote code execution due to improper neutralization of special elements (CVSS 8.1);
- CVE-2023-42118: remote code execution due to an integer underflow in the libspf2 SPF library (CVSS 7.5);
- CVE-2023-42119: information disclosure due to an out-of-bounds read in the dnsdb lookup (CVSS 3.1).
Despite the 9.8 score, the Exim team says that CVE-2023-42115 can only be exploited on servers that use the external authenticator (the SASL EXTERNAL mechanism, normally backed by TLS client certificates). Shodan lists about 3.5 million Exim servers reachable from the Internet, but this requirement sharply reduces the number of hosts that can actually be attacked through it. Whether a given host is affected can be confirmed locally: running exim -bP authenticator_list prints the names of the configured authenticators, and exim -bP authenticator <name> shows each one's driver setting, which reads "external" for the affected driver.
Aliz Hammond of watchTowr Labs agreed with the Exim developers' assessment and commented: "Most of us have nothing to worry about. But if you are one of those who use one of the vulnerable functions, you should read the information and follow ZDI's advice. Still, this is more of a simple flaw than a global catastrophe."
All Exim users are advised to install mail server version 4.96.1 as soon as possible and to watch for newer releases, in which the developers still need to fix the remaining vulnerabilities.
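The two questions a practitioner needs answered for each mail server after reading the above are whether it runs an Exim older than 4.96.1 and whether it actually offers the EXTERNAL mechanism that the Exim team named as the precondition for CVE-2023-42115. The script below is an added example, not code from Exim, ZDI or the article: it parses an SMTP banner and a raw EHLO reply to answer both, and includes a live probe built on Python's standard smtplib for use against hosts you are authorized to test. The host names, addresses and the sample exchange are constructed for illustration, and the version check assumes the server keeps Exim's default banner, which an operator can override.

```python
"""Exposure triage for the Exim advisories discussed above.

Added example, not code from Exim or ZDI. It parses an SMTP banner and an EHLO
reply to answer two questions: is the server an Exim older than 4.96.1, and does
it advertise the EXTERNAL SASL mechanism (the precondition the Exim team gave for
exploiting CVE-2023-42115)? Host names, addresses and the sample exchange below
are constructed for illustration.
"""
import re
import smtplib
import ssl
from dataclasses import dataclass
from typing import Iterable, Optional, Set, Tuple

Version = Tuple[int, int, int]
FIXED_IN: Version = (4, 96, 1)  # first release with fixes for CVE-2023-42114/42115/42116

# Exim's default banner is "$smtp_active_hostname ESMTP Exim $version_number $tod_full".
# Operators can override smtp_banner, so "no match" means unknown, not safe.
_VERSION_RE = re.compile(r"\bExim\s+(\d+)\.(\d+)(?:\.(\d+))?")
_AUTH_RE = re.compile(r"250[- ]AUTH(?:=|\s+)(.*)", re.IGNORECASE)


def parse_exim_version(banner: str) -> Optional[Version]:
    """Return (major, minor, patch); "4.96" -> (4, 96, 0), "4.97-RC0" -> (4, 97, 0)."""
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def advertised_auth_mechanisms(ehlo_lines: Iterable[str]) -> Set[str]:
    """Collect SASL mechanism names from every AUTH line of a raw EHLO reply."""
    mechs: Set[str] = set()
    for line in ehlo_lines:
        m = _AUTH_RE.match(line.strip())
        if m:
            mechs.update(tok.upper() for tok in m.group(1).split())
    return mechs


@dataclass
class Triage:
    version: Optional[Version]
    needs_upgrade: bool         # identified as Exim and older than 4.96.1
    external_advertised: bool   # EXTERNAL offered, as CVE-2023-42115 requires
    verdict: str


def triage(banner: str, ehlo_lines: Iterable[str]) -> Triage:
    """Combine version and AUTH evidence into an actionable verdict."""
    version = parse_exim_version(banner)
    external = "EXTERNAL" in advertised_auth_mechanisms(ehlo_lines)
    if version is None:
        return Triage(None, False, external, "not identified as Exim; check by hand")
    old = version < FIXED_IN
    if old and external:
        verdict = "upgrade now: pre-4.96.1 and EXTERNAL advertised (CVE-2023-42115 precondition met)"
    elif old:
        verdict = "upgrade: pre-4.96.1; EXTERNAL not advertised, but CVE-2023-42114/42116 fixes are missing"
    else:
        verdict = "4.96.1 or later: 42114/42115/42116 fixed; 42117/42118/42119 still await a release"
    return Triage(version, old, external, verdict)


def probe(host: str, port: int = 25, timeout: float = 10.0) -> Triage:
    """Live fingerprint of one server; needs network access, so it is not exercised offline.

    Many sites advertise AUTH only after STARTTLS, so EHLO is repeated inside TLS.
    Certificate checks are disabled because this is fingerprinting, not mail delivery.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    s = smtplib.SMTP(timeout=timeout)
    try:
        _, banner = s.connect(host, port)
        _, reply = s.ehlo("triage.invalid")
        if s.has_extn("starttls"):
            s.starttls(context=ctx)
            _, reply = s.ehlo("triage.invalid")
        # smtplib strips the "250-" prefixes; put them back so the same parser applies.
        lines = ["250-" + ln for ln in reply.decode("utf-8", "replace").splitlines()]
        return triage(banner.decode("utf-8", "replace"), lines)
    finally:
        s.close()


# Constructed sample exchange (not captured from any real host): an Exim 4.96 offering EXTERNAL.
SAMPLE_BANNER = "220 mx.example.test ESMTP Exim 4.96 Tue, 03 Oct 2023 10:15:00 +0000"
SAMPLE_EHLO = [
    "250-mx.example.test Hello triage.invalid [203.0.113.7]",
    "250-SIZE 52428800",
    "250-8BITMIME",
    "250-PIPELINING",
    "250-AUTH PLAIN LOGIN EXTERNAL",
    "250-STARTTLS",
    "250 HELP",
]

if __name__ == "__main__":
    print(triage(SAMPLE_BANNER, SAMPLE_EHLO))
```

Two caveats when reading the result: a server that does not advertise EXTERNAL may still have the external authenticator configured but restricted by auth_advertise_hosts, so the remote view is a lower bound and the local exim -bP check is authoritative; and a 4.96.1 verdict only covers the three fixed bugs, since CVE-2023-42117, CVE-2023-42118 and CVE-2023-42119 had no fix at the time of writing.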