CVE-2023-42116
Exim SMTP Challenge Stack-based Buffer Overflow Remote Code Execution Vulnerability
In short
Exim email servers have a flaw in how they handle NTLM authentication requests. An attacker can send a specially crafted message that overwrites memory and runs malicious code without needing a password.
Technical detail
Stack-based buffer overflow in Exim's NTLM challenge handler due to insufficient input validation before copying user-supplied data to a fixed-length buffer. Remote, unauthenticated attackers can achieve arbitrary code execution in the context of the Exim service account via crafted SMTP NTLM challenge requests.
Summary generated and translated by AI from the official description.
Exim SMTP Challenge Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of NTLM challenge requests. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account.
Was ZDI-CAN-17515.
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Exim · Exim