Exim 4.92.3 released, fixing the fourth critical vulnerability this year

A special release of the Exim mail server, 4.92.3, has been published to fix another critical vulnerability (CVE-2019-16928) that could allow remote code execution on the server by sending a specially crafted string in the EHLO command. The known path to the vulnerable code is reached only after Exim has already dropped its privileges, so the impact is limited to code execution as the unprivileged user under which the incoming message handler runs.

The problem affects only the Exim 4.92 branch (4.92.0, 4.92.1 and 4.92.2) and is unrelated to CVE-2019-15846, which was fixed at the beginning of the month. It is caused by a heap-based buffer overflow in the function string_vformat(), defined in the file string.c. The published demonstration crashes the receiving process by sending a long string (several kilobytes) in the EHLO command, but the vulnerable code may be reachable through other commands as well, and the overflow could potentially be turned into code execution.

There is no configuration workaround that blocks the vulnerability, so all users are urged to install the update promptly, apply the patch, or make sure they are running distribution packages that contain the fix. Fixed packages have been released for Ubuntu (only 19.04 is affected), Arch Linux, FreeBSD, Debian (only Debian 10 Buster is affected) and Fedora. RHEL and CentOS are not affected, since Exim is not in their standard package repositories (an update has not yet appeared in EPEL 7). SUSE/openSUSE is not affected because it ships the Exim 4.88 branch.
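As an added example (not part of the opennet.ru item or of the Exim project), the following Python helper does the first triage step a practitioner would want here: it parses the SMTP greeting and classifies the announced version against the affected range 4.92.0 to 4.92.2, with 4.92.3 as the fix. It assumes Exim's default greeting format "220 <host> ESMTP Exim <version> <date>"; the host names and sample greetings in it are constructed, not captured from real servers. Two caveats are built in: a site that overrides smtp_banner or hides the version comes back as "unknown", and distribution packages frequently backport the fix without changing the banner (a patched Debian 4.92 still announces "Exim 4.92"), so "affected" means "check the package changelog", not "confirmed vulnerable".

```python
"""Triage helper for CVE-2019-16928: classify an Exim SMTP greeting by version.

Added example; not part of the original news item or of the Exim project.
Assumes Exim's default greeting "220 <host> ESMTP Exim <version> <date>".
Distribution packages often backport the fix without changing the banner,
so "affected" means "verify the package", not "confirmed vulnerable".
"""
import re
import socket

# Versions carrying the string_vformat() overflow: 4.92.0 up to, but not
# including, 4.92.3 (the release that fixes it).
FIRST_AFFECTED = (4, 92, 0)
FIXED_IN = (4, 92, 3)

# Multi-line greetings use "220-" continuation lines; accept both forms.
_BANNER_RE = re.compile(r"^220[ -].*\bExim\s+(\d+)\.(\d+)(?:\.(\d+))?", re.IGNORECASE)


def parse_exim_version(banner: str):
    """Return (major, minor, patch) from an Exim 220 greeting, or None if the
    greeting does not announce an Exim version. A bare "4.92" is treated as
    4.92.0, the first release of the branch."""
    m = _BANNER_RE.match(banner.strip())
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def classify(banner: str) -> str:
    """Classify a greeting with respect to CVE-2019-16928.

    "affected"     - announces 4.92.0, 4.92.1 or 4.92.2 (verify distro backports)
    "fixed"        - announces 4.92.3 or later within the 4.92 branch
    "other-branch" - a different branch (e.g. 4.88 as shipped by SUSE), which
                     this CVE does not touch; older branches have their own CVEs
    "unknown"      - not an Exim greeting, or the version is hidden
    """
    ver = parse_exim_version(banner)
    if ver is None:
        return "unknown"
    if FIRST_AFFECTED <= ver < FIXED_IN:
        return "affected"
    if ver[:2] == (4, 92):
        return "fixed"
    return "other-branch"


def fetch_banner(host: str, port: int = 25, timeout: float = 5.0) -> str:
    """Read the first line of the SMTP greeting from a live server
    (network access; not exercised by the offline samples below)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        data = b""
        while b"\n" not in data and len(data) < 4096:
            chunk = s.recv(1024)
            if not chunk:
                break
            data += chunk
    return data.decode("ascii", errors="replace").splitlines()[0] if data else ""


if __name__ == "__main__":
    # Constructed sample greetings (hypothetical hosts), not captured traffic.
    samples = [
        "220 mx1.example.org ESMTP Exim 4.92.2 Sat, 28 Sep 2019 10:00:00 +0000",
        "220 mx2.example.org ESMTP Exim 4.92.3 Sat, 28 Sep 2019 10:00:00 +0000",
        "220 mx3.example.org ESMTP Exim 4.92 #3 Sat, 28 Sep 2019 10:00:00 +0000",
        "220 mx4.example.org ESMTP Exim 4.88 Sat, 28 Sep 2019 10:00:00 +0000",
        "220 mx5.example.org ESMTP ready",
    ]
    for line in samples:
        print(f"{classify(line):13s} {line}")
```

Run it against a real host with `classify(fetch_banner("mail.example.org"))`; for anything reported as "affected", confirm with the installed package version and changelog before concluding the host is vulnerable.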

Source: opennet.ru