Three critical vulnerabilities in Exim that allow remote code execution on the server

CarderPlanet

The Zero Day Initiative (ZDI) project has disclosed information about unpatched (0-day) vulnerabilities (CVE-2023-42115, CVE-2023-42116, CVE-2023-42117) in the Exim mail server that allow remote execution of arbitrary code on the server with the rights of the process that accepts connections on network port 25. Authentication is not required to perform the attack.

• The first vulnerability (CVE-2023-42115) is caused by an error in the smtp service and is related to the lack of proper checks of data received from the user during the SMTP session and used to calculate the buffer size. As a result, an attacker can achieve a controlled write of their data to a memory area outside the allocated buffer.

• The second vulnerability (CVE-2023-42116) is present in the NTLM request handler and is caused by copying data received from the user to a fixed-size buffer without the necessary checks on the size of the recorded information.

• The third vulnerability (CVE-2023-42117) is present in the smtp process that accepts connections on TCP port 25, and is caused by a lack of input data verification, which can lead to writing user-transmitted data to a memory area outside the allocated buffer.

The vulnerabilities are marked as 0-day, i.e. they remain unpatched, but the ZDI report claims that Exim developers were notified of the problems in advance. The last change in the Exim codebase was made two days ago and it is not yet clear when the problems will be fixed (distribution vendors have not yet had time to react, as the information was disclosed without details a few hours ago). Currently, Exim developers are preparing to release a new version, 4.97, but there is no exact information on the time of its publication yet. The only protection method currently mentioned is restricting access to the Exim-based SMTP service.

In addition to the critical vulnerabilities noted above, information about several less dangerous problems has also been disclosed:

• CVE-2023-42118 - integer overflow in the libspf2 library that occurs when parsing SPF macros. The vulnerability allows remote corruption of memory contents and can potentially be used to achieve execution of arbitrary code on the server.

• CVE-2023-42114 - an error that results in a read from a memory area outside the buffer in the NTLM handler. The problem may cause the memory contents of the process serving network requests to leak.

• CVE-2023-42119 - vulnerability in the dnsdb handler that causes the smtp process memory contents to leak.
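Editor's added example, not Exim's code and not from the ZDI report or the post above: a constructed C illustration of the defect class the post describes (user-supplied data copied into a fixed-size buffer, and user-supplied values used to compute a buffer size) alongside the checks that prevent it. The record layout (a big-endian 16-bit length prefix followed by the payload), the `ntlm_field` structure, `FIELD_MAX` and the sample inputs are assumptions made for the example only.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed example, not Exim's code. FIELD_MAX and the record layout
 * ([u16 big-endian length][payload]) are assumptions for illustration. */
#define FIELD_MAX 64

struct ntlm_field {
    unsigned char data[FIELD_MAX];  /* fixed-size destination */
    size_t len;                     /* bytes actually stored */
};

/* Copy into the fixed-size field only if the whole payload fits.
 * Returns false and leaves dst untouched otherwise. */
bool copy_field_checked(struct ntlm_field *dst, const unsigned char *src, size_t src_len)
{
    if (dst == NULL || src == NULL || src_len > FIELD_MAX)
        return false;
    memcpy(dst->data, src, src_len);
    dst->len = src_len;
    return true;
}

/* Buffer-size arithmetic driven by untrusted count/width values:
 * reject a product that would wrap around or exceed a policy cap.
 * Returns 0 on rejection (0 is never a valid allocation here). */
size_t checked_alloc_size(size_t count, size_t width, size_t limit)
{
    if (count == 0 || width == 0)
        return 0;
    if (count > SIZE_MAX / width)   /* count * width would overflow */
        return 0;
    size_t total = count * width;
    if (total > limit)
        return 0;
    return total;
}

/* Parse one length-prefixed record from a receive buffer. The declared
 * length is checked against both the bytes actually received and the
 * destination capacity before any copy happens. Returns the payload
 * length, or -1 if the record is rejected. */
int parse_record(const unsigned char *buf, size_t buf_len, struct ntlm_field *out)
{
    if (buf == NULL || buf_len < 2)
        return -1;
    size_t declared = ((size_t)buf[0] << 8) | buf[1];
    if (declared > buf_len - 2)     /* claims more than was received */
        return -1;
    if (!copy_field_checked(out, buf + 2, declared))
        return -1;
    return (int)declared;
}

/* Constructed sample inputs. */
static const unsigned char SAMPLE_OK[] = { 0x00, 0x05, 'h', 'e', 'l', 'l', 'o' };
static const unsigned char SAMPLE_SHORT[] = { 0x01, 0x00, 'h', 'e', 'l', 'l', 'o' }; /* declares 256 */

/* Wrappers so the outcome of each sample can be checked directly. */
int sample_ok_len(void)
{
    struct ntlm_field f;
    return parse_record(SAMPLE_OK, sizeof SAMPLE_OK, &f);
}

int sample_short_len(void)
{
    struct ntlm_field f;
    return parse_record(SAMPLE_SHORT, sizeof SAMPLE_SHORT, &f);
}

/* A record whose declared length is honest but larger than FIELD_MAX. */
int sample_oversized_len(void)
{
    unsigned char big[2 + FIELD_MAX + 1];
    memset(big, 'A', sizeof big);
    big[0] = 0x00;
    big[1] = (unsigned char)(FIELD_MAX + 1);   /* 65, fits in one byte */
    struct ntlm_field f;
    return parse_record(big, sizeof big, &f);
}

int main(void)
{
    printf("valid record: %d\n", sample_ok_len());                 /* 5 */
    printf("short record: %d\n", sample_short_len());              /* -1 */
    printf("oversized record: %d\n", sample_oversized_len());      /* -1 */
    printf("alloc 10x8: %zu\n", checked_alloc_size(10, 8, 1024));  /* 80 */
    printf("alloc overflow: %zu\n", checked_alloc_size(SIZE_MAX, 2, 1024)); /* 0 */
    return 0;
}
```

The two checks in `parse_record` are deliberately separate: the first compares the attacker-declared length with what was actually received (the out-of-bounds read case), the second compares it with the destination capacity (the out-of-bounds write case). `checked_alloc_size` covers the other pattern in the post, a size computed from untrusted values, by refusing a product that wraps `size_t` before it ever reaches an allocator.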