CVE-2023-42117

Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability

CVSS 8.1 HIGHEPSS 5.7%CWE-138

In short

Exim mail server has a vulnerability where attackers can send specially crafted emails to execute malicious code without needing a password. This happens because the server doesn't properly check the data in incoming messages.

Technical detail

The vulnerability exists in Exim's SMTP service (TCP port 25) due to insufficient validation of user-supplied input in email data, resulting in memory corruption. An unauthenticated remote attacker can exploit this flaw by sending crafted SMTP commands to achieve arbitrary code execution in the context of the Exim process.

Summary generated and translated by AI from the official description.

Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the smtp service, which listens on TCP port 25 by default. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17554.

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Exim · Exim

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://lists.debian.org/debian-lts-announce/2024/10/msg00029.html https://www.zerodayinitiative.com/advisories/ZDI-23-1471/