Login
Get a Demo
Become a Partner
SOCRadar® Cyber Intelligence Inc. | Critical Vulnerabilities in Exim Email Server Allow RCE
Table Of Content
Home

Resources

Blog
Ağu 09, 2022
2 Mins Read

Critical Vulnerabilities in Exim Email Server Allow RCE

Two critical vulnerabilities discovered in the open source email server Exim threaten over 500,000 email servers. One of the vulnerabilities allows RCE.

POCs Published

The critical vulnerability, code CVE-2022-37452, allows threat actors to execute commands on the email server with root privileges. The “buffer overflow” flaw allows attackers to view, modify, and delete data when exploited. It allows attackers to install programs and create new privileged accounts. The PoC can be found on GitHub.

The second vulnerability is CVE-2022-37451, caused by the “invalid free” in pam_converse (auths/call_pam.c). Because store_free is not used after store_malloc. The PoC for this vulnerability can also be found here.

Which Exim Versions Affected by the Vulnerabilities?

Cybersecurity researchers underline that these vulnerabilities can significantly affect government and commercial organizations. CVE-2022-37452 affects Exim versions before 4.95, and CVE-2022-37451 affects versions before 4.96.

Exim is one of the most popular email servers used on Unix-like systems. According to Shodan, it has close to 4 million users, mainly in the US.

There are nearly 4 million Exim users worldwide, according to Shodan.
There are nearly 4 million Exim users worldwide, according to Shodan.

How to Fix the Vulnerability?

Experts recommend applying Exim’s updates to fix the vulnerabilities. In addition, organizations must renew their vulnerability management procedures for their digital assets.

Some mitigation methods are:

  • Implement restrictions -such as adding a software allowlist- to ensure that only authorized software is run or accessed.
  • Only allow specific files (.dll, .ocx, .so, etc.) to load and make sure to block unknown scripts.
  • Establish a vulnerability management process for corporate digital assets.
  • Use automatic patch management to perform monthly or regular application updates on digital assets.
  • Prefer solutions that will automatically scan internal company assets for vulnerabilities.
Related Articles
SOCRadar® Cyber Intelligence Inc. | Major Cyber Attacks in Review: March 2024
Major Cyber Attacks in Review: March 2024
Nis 16, 2024
SOCRadar® Cyber Intelligence Inc. | Cyber Reflections of Iran's Attack on Israel
Cyber Reflections of Iran's Attack on Israel
Nis 15, 2024
SOCRadar® Cyber Intelligence Inc. | Critical PHP Vulnerabilities: Update Now to Prevent Takeovers and Command Injection (CVE-2024-1874, CVE-2024-2756, CVE-2024-3096, CVE-2024-2757)
Critical PHP Vulnerabilities: Update Now to Prevent Takeovers and Command Injection (CVE-2024-1874, CVE-2024-2756, CVE-2024-3096, CVE-2024-2757)
Nis 15, 2024
SOCRadar® Cyber Intelligence Inc. | Critical OS Command Injection Vulnerability in Palo Alto's GlobalProtect Gateway: CVE-2024-3400. The patch is not available yet.
Critical OS Command Injection Vulnerability in Palo Alto's GlobalProtect Gateway: CVE-2024-3400. The patch is not available yet.
Nis 12, 2024
SOCRadar® Cyber Intelligence Inc. | Microsoft’s April 2024 Patch Tuesday, 149 Vulnerabilities Patched, Including 2 Zero-Day Vulnerabilities
Microsoft’s April 2024 Patch Tuesday, 149 Vulnerabilities Patched, Including 2 Zero-Day Vulnerabilities
Nis 10, 2024