Initiatieven voor
Als nationale autoriteit voor cyberveiligheid heeft het CCB verschillende initiatieven ontwikkeld voor specifieke doelgroepen die hier worden gepresenteerd.
Remote root code execution vulnerability in Exim MTA
Image
Gepubliceerd : 02/10/2019
Reference:
Advisory #2019-023
Version:
1.0
Affected software:
Exim (all versions up to and including 4.92.2)
Type:
remote root code execution
CVE/CVSS:
CVE-2019-16928
Sources
https://www.exim.org/static/doc/security/CVE-2019-16928.txt
Risks
Exploitation of this vulnerability leads to the compromise of system/data integrity, confidentiality, and/or availability. CERT.be has sightings of widespread exploitation of the Exim vulnerability reported in early September. CERT.be assesses with medium confidence this vulnerability could be exploited in future campaigns.
Description
The popular open-source MTA (mail transfer agent) Exim has a critical vulnerability which allows an attacker to exploit a heap-based buffer overflow (in string_vformat), potentially leading to arbitrary code execution. Normally Exim will have dropped its root privileges by the point this vulnerability is exploitable, but when combined with local privilege escalation exploits (or other as-yet known code paths within Exim to trigger the buffer overflow), arbitrary code execution with root privileges would be feasible.
Recommended Actions
CERT.be advises system administrators to update Exim immediately according to the supplier's instructions.