Remote root code execution vulnerability in Exim MTA

Published : 06/09/2019

Reference:
Advisory #2019-021

Version:
1.0

Affected software:
Exim (all versions up to and including 4.92.1)

Type:
remote root code execution

CVE/CVSS:
CVE-2019-15846  

Sources

Official exim.org summary : https://www.exim.org/static/doc/security/CVE-2019-15846.txt

Initial alert to mailing lists : https://www.openwall.com/lists/oss-security/2019/09/04/1

The Register analysis : https://www.theregister.co.uk/2019/09/06/exim_vulnerability_patch/

Risks

An attacker (local or remote) can execute arbitrary code with root privileges, possibly leading to compromise of system/data integrity, confidentiality, and/or availability.

Description

The popular open-source MTA (mail transfer agent) Exim has a severe vulnerability, which is exploitable by sending an SNI ending in a backslash-null sequence during the initial TLS handshake.

Although no CVSS score has been assigned yet, this is as bad as vulnerabilities get. While we have not yet received reports of this vulnerability being exploited in the wild, public proof-of-concept code exists, so it is only a matter of a short time until we see widespread exploitation of this vulnerability.

Recommended Actions

CERT.be recommends that system administrators running Exim patch their systems immediately.

References

Additional technical details are available in the Exim GitHub repository here