Exim Vulnerability Enables Remote Code Execution

Exim Vulnerability Enables Remote Code Execution

Posted on By CWS

A newly uncovered critical vulnerability in the Exim mail server software permits remote attackers to execute arbitrary code, posing a severe risk to affected systems.

Identified by Federico Kirschbaum of XBOW’s Security Lab, the flaw, termed Dead.Letter, has drawn significant attention due to its high CVSS score of 9.8, indicating an urgent need for remediation.

Organizations using Exim must act promptly, as the exploit requires no special configurations and can be executed without user interaction.

Exim Remote Code Execution Issue

The vulnerability is rooted in a use-after-free memory corruption issue, tracked as CVE-2026-45185. This flaw emerges during the parsing of binary data by the GnuTLS library in TLS connections.

Security advisories from Exim and CyCognito explain that attackers can manipulate connection sequences, causing the mail server to write to an already freed memory buffer.

By sending a TLS close alert followed by a cleartext byte on the same connection, attackers can disrupt the memory allocation process, allowing for privilege escalation and remote code execution.

Impact on Exim Deployments

This vulnerability specifically impacts Exim versions 4.97 to 4.99.2 compiled with GnuTLS. Versions using other libraries, like OpenSSL, are not affected.

The threat is mainly concentrated on systems running Debian, Ubuntu, and related distributions, while platforms such as Red Hat Enterprise Linux are generally unaffected.

The critical nature of this flaw demands immediate attention, as it cannot be mitigated through simple configuration adjustments.

Mitigation and Recommendations

The Exim development team has addressed the issue in version 4.99.3. Security experts universally recommend upgrading to this version to safeguard systems.

Due to the lack of alternative remedies, patching is the only reliable solution to prevent exploitation of this vulnerability.

System administrators are urged to prioritize these updates to ensure the security and integrity of their mail servers.

Stay informed on the latest cybersecurity news by following us on Google News, LinkedIn, and X.

Cyber Security News Tags:, , , , , , , , , ,

Related Posts

New Fully Undetectable FUD Android RAT Hosted on GitHub New Fully Undetectable FUD Android RAT Hosted on GitHub Cyber Security News
Oracle Releases Critical Patches for 35 Security Flaws Oracle Releases Critical Patches for 35 Security Flaws Cyber Security News
WhatsApp Enhances Security with Optional Account Password WhatsApp Enhances Security with Optional Account Password Cyber Security News
Bluekit Phishing Kit Revolutionizes Cyber Attacks Bluekit Phishing Kit Revolutionizes Cyber Attacks Cyber Security News
RondoDox Botnet Exploits 50+ Vulnerabilities to Attack Routers, CCTV Systems and Web Servers RondoDox Botnet Exploits 50+ Vulnerabilities to Attack Routers, CCTV Systems and Web Servers Cyber Security News
Threat Actors Using ViperSoftX Malware to Exfiltrate Sensitive Details Threat Actors Using ViperSoftX Malware to Exfiltrate Sensitive Details Cyber Security News