Attacker Value
Moderate
(2 users assessed)
Exploitability
High
(2 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

Exim EHLO crash bug

Disclosure Date: September 27, 2019 Last updated February 21, 2020
Add any MITRE ATT&CK Tactics to the list below that apply to this CVE.

Description

Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command.

Add Assessment

1
Ratings
  • Attacker Value
    Low
  • Exploitability
    High
Technical Analysis

Implementing a crash for this is pretty easy. Implementing an exploit may be tricky given the diversity of heap configurations, though if you targeted one distro or container it’s probably easier.

Note, this vulnerability was also fixed before it was reported as a result of deeper analysis of user-controlled variables in Exim as a whole. Future releases of Exim may be much harder to exploit as a result of this general effort. See this note from Exim maintainer ‘Comet’ on areas they need help with in the future: https://lwn.net/Articles/801265/

General Information

Additional Info

Technical Analysis