CVE-2018-6789
In short
The Exim mail server has a buffer overflow flaw in its SMTP listener: an unauthenticated attacker can send a specially crafted message to run malicious code on the server.
Technical detail
A buffer overflow vulnerability exists in the base64d function within Exim's SMTP listener (CWE-120) that processes incoming SMTP commands. Remote attackers can exploit this by sending a crafted SMTP message to trigger heap/stack corruption and achieve arbitrary code execution with the privileges of the Exim daemon, requiring only network access to the SMTP port.
Summary generated and translated by AI from the official description.
An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
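A version triage check for the "before 4.90.1" boundary in the description above, added here as an example and not taken from the advisory or from Exim. The result labels and the sample banner lines are constructed for illustration.

```python
import re

# First fixed upstream release, per the description on this page
# ("Exim before 4.90.1").
FIXED = (4, 90, 1)

# Exim prints patch releases with an underscore (for example "4.90_1") in
# `exim -bV` output and in the SMTP greeting, so accept "." or "_".
_VERSION = re.compile(r"\bExim(?: version)? (\d+)\.(\d+)(?:[._](\d+))?")


def exim_version(text):
    """Return (major, minor, patch) from a banner or -bV line, else None."""
    m = _VERSION.search(text)
    if m is None:
        return None
    return tuple(int(part or 0) for part in m.groups())


def assess(text):
    """Classify one banner or -bV line against the 4.90.1 fix boundary."""
    version = exim_version(text)
    if version is None:
        return "unknown"  # not Exim, or the version is hidden
    if version >= FIXED:
        return "fixed-upstream"
    # Distribution packages can carry a backported fix under an older
    # upstream number, so this is a prompt to check the vendor advisory,
    # not proof that the host is vulnerable.
    return "verify-package"


# Constructed sample input (hostnames are placeholders, not real systems).
SAMPLES = [
    "220 mail.example.test ESMTP Exim 4.89 Mon, 01 Jan 2024 10:00:00 +0000",
    "220 mx.example.test ESMTP Exim 4.90_1 Ubuntu Mon, 01 Jan 2024 10:00:00 +0000",
    "Exim version 4.90 #2 built 20-Dec-2017 12:00:00",
    "220 relay.example.test ESMTP Postfix",
    "220 mx2.example.test ESMTP Exim 4.91 Mon, 01 Jan 2024 10:00:00 +0000",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{assess(line):15} {line}")
```

A "verify-package" result should be resolved against the distribution advisories listed in the references, since the banner alone does not show backported patches.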
Affected products
n/a · n/a
Public PoCs found — 10
github · github.com/synacktiv/Exim-CVE-2018-6789 · ★ 10
github · github.com/martinclauss/exim-rce-cve-2018-6789 · ★ 10
github · github.com/beraphin/CVE-2018-6789 · ★ 3
github · github.com/thistehneisen/CVE-2018-6789-Python3 · ★ 2
github · github.com/c0llision/exim-vuln-poc · ★ 0
exploitdb · www.exploit-db.com/exploits/44571 · unverified
cve_reference · www.exploit-db.com/exploits/44571/ · unverified
cve_reference · www.exploit-db.com/exploits/45671/ · unverified
exploitdb · www.exploit-db.com/exploits/45671 · unverified
cve_reference · packetstormsecurity.com/files/162959/Exim-base64d-Buffer-Overflow.html · unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://openwall.com/lists/oss-security/2018/02/10/2
http://packetstormsecurity.com/files/162959/Exim-base64d-Buffer-Overflow.html
https://devco.re/blog/2018/03/06/exim-off-by-one-RCE-exploiting-CVE-2018-6789-en/
https://exim.org/static/doc/security/CVE-2018-6789.txt
https://git.exim.org/exim.git/commit/cf3cd306062a08969c41a1cdd32c6855f1abecf1
https://lists.debian.org/debian-lts-announce/2018/02/msg00009.html
https://usn.ubuntu.com/3565-1/
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-6789
https://www.debian.org/security/2018/dsa-4110
https://www.exploit-db.com/exploits/44571/
https://www.exploit-db.com/exploits/45671/
http://www.openwall.com/lists/oss-security/2018/02/07/2