Veja todas as soluções
CVE-2019-16928: Falha crítica de excesso de armazenamento em buffer no Exim pode ser explorada remotamente
CVE-2019-16928, a critical heap-based buffer overflow vulnerability in Exim email servers, could allow remote attackers to crash Exim or potentially execute arbitrary code.
Contexto
Exim Internet Mailer, the popular message transfer agent (MTA) for Unix hosts found on nearly 5 million systems, is back in the news. Earlier this month, CVE-2019-15846, a critical remote code execution (RCE) flaw, was patched in Exim 4.92.2. In June, we blogged about CVE-2019-10149, another RCE, which saw exploit attempts within a week of public disclosure.
On September 28, Exim maintainers published an advance notice concerning a new vulnerability in Exim 4.92 up to and including 4.92.2. From our analysis of Shodan results, over 3.5 million systems may be affected.
Análise
CVE-2019-16928 is a heap-based buffer overflow vulnerability due to a flaw in string_vformat() found in string.c. As noted in the bug report, the flaw was a simple coding error where the length of the string was not properly accounted for, leading to a buffer overflow condition. The flaw can be exploited by an unauthenticated remote attacker who could use a large crafted Extended HELO (EHLO) string to crash the Exim process that receives the message. This could potentially be further exploited to execute arbitrary code on the host. The flaw was found internally by the QAX A-Team, who submitted the patch. However, the bug is trivial to exploit, and it’s likely attackers will begin actively probing for and attacking vulnerable Exim MTA systems in the near future.
Prova de conceito
As part of the patch, a proof of concept (PoC) is available which can be used to exploit the flaw and cause a denial of service (DoS) condition in an affected Exim server.
Solução
The Exim team released version 4.92.3 on September 29 to address CVE-2019-16928. Administrators are encouraged to upgrade as soon as possible. No mitigations exist at this time.
Identificação de sistemas afetados
A list of Tenable plugins to identify this vulnerability will appear here as they’re released.
Obtenha mais informações
Junte-se à equipe de resposta de segurança da Tenable na Tenable.
Saiba mais sobre a Tenable, a primeira plataforma de Cyber Exposure para o gerenciamento holístico da sua superfície de ataque moderna.
Get a free 60-day trial of Tenable.io Vulnerability Management.
Artigos relacionados
Cybersecurity Snapshot: Find MITRE ATT&CK Complex? Need Help Mapping to It? There’s an App for That!
March 10, 2023Learn about a new tool that streamlines MITRE ATT&CK mapping. Plus, known vulnerabilities remain a major cyber risk – just ask LastPass. Also, discover why SaaS data protection remains difficult. Plus, a look at the U.S. National Cybersecurity Strategy. And much more!
The Ransomware Ecosystem: In Pursuit of Fame and Fortune
July 28, 2022The key players within the ransomware ecosystem, including affiliates and initial access brokers, work together cohesively like a band of musicians, playing their respective parts as they strive for fame and fortune.
Brazen, Unsophisticated and Illogical: Understanding the LAPSUS$ Extortion Group
July 20, 2022Having gained the industry’s attention in the first months of 2022, the LAPSUS$ extortion group has largely gone quiet. What can we learn from this extortion group’s story and tactics?
Cybersecurity Snapshot: U.S., U.K. Governments Offer Advice on How To Build Secure AI Systems
December 1, 2023Looking for guidance on developing AI systems that are safe and compliant? Check out new best practices from the U.S. and U.K. cyber agencies. Plus, a new survey shows generative AI adoption is booming, but security and privacy concerns remain. In addition, CISA is warning municipal water plants about an active threat involving Unitronics PLCs. And much more!
Maximize Your Vulnerability Scan Value with Authenticated Scanning
November 30, 2023Want to get a lot more value out of your vulnerability scans? Start doing authenticated scanning
AWS Access Analyzer Just Got Better, So Did Tenable Cloud Security
November 27, 2023AWS IAM Access Analyzer now has an API allowing you to make custom policy checks. Tenable Cloud Security allows you to easily use this API as part of its code scanning functionality. Find out how and ...
- Threat intel
- Gerenciamento de ameaças
- Gerenciamento de vulnerabilidades
- Verificação de vulnerabilidades