Exim Vulnerability Enables Remote Code Execution

Posted on May 14, 2026 By CWS

A newly uncovered critical vulnerability in the Exim mail server software permits remote attackers to execute arbitrary code, posing a severe risk to affected systems.

Identified by Federico Kirschbaum of XBOW’s Security Lab, the flaw, termed Dead.Letter, has drawn significant attention due to its high CVSS score of 9.8, indicating an urgent need for remediation.

Organizations using Exim must act promptly, as the exploit requires no special configurations and can be executed without user interaction.

Exim Remote Code Execution Issue

The vulnerability is rooted in a use-after-free memory corruption issue, tracked as CVE-2026-45185. This flaw emerges during the parsing of binary data by the GnuTLS library in TLS connections.

Security advisories from Exim and CyCognito explain that attackers can manipulate connection sequences, causing the mail server to write to an already freed memory buffer.

By sending a TLS close alert followed by a cleartext byte on the same connection, attackers can disrupt the memory allocation process, allowing for privilege escalation and remote code execution.

Impact on Exim Deployments

This vulnerability specifically impacts Exim versions 4.97 to 4.99.2 compiled with GnuTLS. Versions using other libraries, like OpenSSL, are not affected.

The threat is mainly concentrated on systems running Debian, Ubuntu, and related distributions, while platforms such as Red Hat Enterprise Linux are generally unaffected.

The critical nature of this flaw demands immediate attention, as it cannot be mitigated through simple configuration adjustments.

Mitigation and Recommendations

The Exim development team has addressed the issue in version 4.99.3. Security experts universally recommend upgrading to this version to safeguard systems.

Due to the lack of alternative remedies, patching is the only reliable solution to prevent exploitation of this vulnerability.

System administrators are urged to prioritize these updates to ensure the security and integrity of their mail servers.
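To triage hosts against the affected range given above (4.97 to 4.99.2 built with GnuTLS, fixed in 4.99.3), the following added example, which is not code from Exim or from the advisories, classifies the text printed by `exim -bV`. The function names and the sample outputs are constructed for illustration; it assumes the TLS library appears as `GnuTLS` or `OpenSSL` on the `Support for:` line.

```python
import re
import sys

# Affected range as stated in the article; 4.99.3 is the fixed release.
FIRST_AFFECTED = (4, 97, 0)
LAST_AFFECTED = (4, 99, 2)

def parse_version(text):
    """Return the Exim version from `exim -bV` output as a 3-tuple, or None."""
    m = re.search(r"^Exim version (\d+)\.(\d+)(?:\.(\d+))?", text, re.MULTILINE)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))

def tls_library(text):
    """Return 'GnuTLS', 'OpenSSL' or None based on the 'Support for:' line."""
    m = re.search(r"^Support for:(.*)$", text, re.MULTILINE)
    if not m:
        return None
    features = m.group(1).split()
    for lib in ("GnuTLS", "OpenSSL"):
        if lib in features:
            return lib
    return None

def assess(text):
    """Classify one host's `exim -bV` output against CVE-2026-45185."""
    version = parse_version(text)
    if version is None:
        return "unknown"
    if not (FIRST_AFFECTED <= version <= LAST_AFFECTED):
        return "version-not-in-range"
    lib = tls_library(text)
    if lib == "GnuTLS":
        return "affected"
    if lib == "OpenSSL":
        return "tls-library-not-affected"
    return "unknown"  # in range, but TLS library could not be determined

# Constructed sample outputs, trimmed to the two lines the parser reads.
SAMPLE_GNUTLS = "Exim version 4.98 #2 built 01-Jan-2026 00:00:00\nSupport for: iconv() IPv6 GnuTLS DKIM DNSSEC\n"
SAMPLE_OPENSSL = "Exim version 4.99.2 #1 built 01-Jan-2026 00:00:00\nSupport for: iconv() IPv6 OpenSSL DKIM\n"
SAMPLE_FIXED = "Exim version 4.99.3 #1 built 01-Jan-2026 00:00:00\nSupport for: iconv() IPv6 GnuTLS DKIM\n"
SAMPLE_NO_TLS = "Exim version 4.97 #1 built 01-Jan-2026 00:00:00\nSupport for: iconv() IPv6 DKIM\n"

if __name__ == "__main__":
    # Usage: exim -bV | python3 this_script.py
    print(assess(sys.stdin.read()))
```

Distribution packages can carry backported fixes without changing the upstream version string, so an `affected` result on Debian or Ubuntu should be confirmed against the distribution's own advisory for the installed package revision.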
