ZDI (Zero Day Initiative) has published information about three critical vulnerabilities in the Exim mail server that allow arbitrary code execution with the privileges of the server process listening on port 25. No authentication on the server is required to carry out an attack.
- CVE-2023-42116 – caused by copying user-supplied data into a fixed-size buffer without checking the required size.
- CVE-2023-42117 – likewise caused by missing validation of input data received on port 25 of the SMTP service.
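The bug class behind CVE-2023-42116 (an unbounded copy of client-supplied data into a fixed-size buffer) is easiest to see next to its hardened form. The following is an added illustration, not Exim code: `copy_unchecked` shows the unsafe pattern, `copy_checked` the bounded version that rejects oversized input instead of overflowing, and `handle_field` is a hypothetical handler for one client-supplied field. The buffer size and the sample inputs are constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16  /* constructed fixed-size destination, as in the described bug class */

/* Unsafe pattern: copies whatever the client sent with no length check.
 * Kept only for comparison; it overflows once strlen(src) >= BUF_SIZE. */
static void copy_unchecked(char dst[BUF_SIZE], const char *src)
{
    strcpy(dst, src);
}

/* Hardened pattern: the destination size is passed explicitly, and input that
 * does not fit (including the NUL terminator) is refused rather than truncated
 * silently, so the caller can treat it as a protocol error. */
static int copy_checked(char *dst, size_t dst_size, const char *src, size_t src_len)
{
    if (dst_size == 0 || src_len >= dst_size)
        return -1;
    memcpy(dst, src, src_len);
    dst[src_len] = '\0';
    return 0;
}

/* Hypothetical handler for one client-supplied field (e.g. an SMTP command
 * argument). Returns the accepted field length, or -1 if the input was rejected. */
int handle_field(const char *input)
{
    char field[BUF_SIZE];
    size_t n = strlen(input);

    if (copy_checked(field, sizeof field, input, n) != 0)
        return -1;  /* a real server would answer with a 5xx reply and log the event */

    return (int)strlen(field);
}

int main(void)
{
    char demo[BUF_SIZE];
    const char *inputs[] = {"hello", "exactly15chars!", "sixteen-charsXYZ"};

    copy_unchecked(demo, "short");  /* safe only because the constant fits */
    printf("unchecked copy of a short constant: %s\n", demo);

    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        int r = handle_field(inputs[i]);
        printf("%-18s -> %s (%d)\n", inputs[i], r < 0 ? "rejected" : "accepted", r);
    }
    return 0;
}
```

The important design choice is that the bounded copy fails closed: a field that does not fit is rejected outright, which is both safer than the unchecked copy and more honest than a silent truncation that could change the meaning of the data.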
The vulnerabilities are marked as 0-day, meaning no fix is available yet, even though, according to ZDI, the Exim developers were notified of them long ago. The fix may appear in version 4.97 of the server, but this is not certain.
As a mitigation for these vulnerabilities, it is currently suggested to restrict access to SMTP on port 25.
UPD. It looks like things are not so bad. These vulnerabilities are limited in scope: they are not exploitable if the server does not use NTLM and EXTERNAL authentication, is not placed behind a proxy, does not use potentially dangerous DNS servers, and does not use SPF in the ACLs.
Source: linux.org.ru
