Tenable 部落格

Exim Buffer Overflow RCE Vulnerability (CVE-2018-6789) – What You Need to Know

March 7, 2018 • 2 Min Read
by Scott Caveza
Blog Home / Cyber Exposure Alerts

On February 10, the Unix-based email server Exim released an update to address a heap buffer overflow vulnerability that can be used by an unauthenticated attacker to remotely execute arbitrary code. The flaw, assigned CVE-2018-6789, is noted to exist in all versions of Exim, prior to their latest release, 4.90.1, which means the attack surface potential is very wide. A quick search on Shodan yields more than 6 million results.

Vulnerability details

The vulnerability was originally discovered by DEVCORE, and details were published on their blog on March 6. The vulnerability is due to a flaw in the b64decode buffer length in the base64d() function. Due to an off-by-one calculation mistake, heap memory can be overwritten when parsing an invalid base64 string leading to critical data being overwritten.

As base64 decoding is a widely used function, and since the byte is user-controlled, this increases the ease of exploitation, which can be utilized for remote code execution.

找出受影響的系統

To detect systems affected by this critical flaw, Tenable has released Nessus® plugins for Tenable.io Vulnerability Management, SecurityCenter and Nessus Pro. Additionally, Tenable has released passive detection via Nessus Network Monitor, which may be used with Tenable.io Vulnerability Management to detect the vulnerability passively on the network. Tenable.io Container Security has also been updated to detect the Exim off-by-one RCE vulnerability in Docker container images. The following table summarizes Tenable's coverage.

Plugin ID	說明
107149	Exim < 4.90.1 Buffer Overflow RCE Vulnerability
700223 (Nessus Network Monitor)	Exim < 4.90.1 Remote Code Execution
106722	Debian DLA-1274-1 : exim4 security update
106728	Debian DSA-4110-1 : exim4 - security update
107007	Fedora 26 : exim (2018-25a7ba3cb6)
107009	Fedora 27 : exim (2018-5aec14e125)
106733	FreeBSD : exim -- a buffer overflow vulnerability, remote code execution (316b3c3e-0e98-11e8-8d41-97657151f8c2)
106888	openSUSE Security Update : exim (openSUSE-2018-170)
106791	Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : exim4 vulnerability (USN-3565-1)
107178	GLSA-201803-01 : Exim: Multiple vulnerabilities

What should you do?

If you’re running a version of Exim prior to 4.90.1, make sure you update to the most current release. Exim notes that all versions of Exim prior to 4.90.1 are now obsolete and that 3.x releases are also obsolete and should not be used.

取得更多資訊

Learn more about Tenable.io, the first Cyber Exposure platform for holistic management of your modern attack surface
Get a free 60-day trial of Tenable.io Vulnerability Management
DEVCORE blog details
Exim ChangeLog
Exim CVE-2018-6789 Advisory

Scott Caveza

Scott joined Tenable in 2012 as a Research Engineer on the Nessus Plugins team. Over the years, he has written hundreds of plugins for Nessus, and reviewed code for even more from his time being a team lead and manager of the Plugins team. Previously leading the Security Response team and the Zero Day Research team, Scott is currently a member of the Security Response team, helping the research organization respond to the latest threats. He has over a decade of experience in the industry with previous work in the Security Operations Center (SOC) for a major domain registrar and web hosting provider. Scott is a current CISSP and actively maintains his GIAC GWAPT Web Application Penetration Tester certification.

Interests outside of work: Scott enjoys spending time with his family, camping, fishing and being outdoors. He also enjoys finding ways to break web applications and home renovation projects.

Plugins

Tenable One 曝險管理平台

平台類別

平台功能

雲端安全

弱點管理

操作技術
安全

身分曝險

弱點評估

企業需求

曝險管理

Cloud Security

弱點管理

產業

公家機關

合規性

資源

研究

尋找合作夥伴

Tenable Assure 合作夥伴

技術合作夥伴

支援

服務

Tenable Trust

關於我們

加入我們

為什麼要選擇 Tenable

媒體

交流聯繫

Tenable 部落格