Multiple Vulnerabilities in Exim Mail Server

Original Issue Date : May 11, 2021

Severity Rating: HIGH

1.       Software Affected

          Exim Mail Server versions prior to 4.94.2

2.       Overview

• Multiple vulnerabilities have been reported in Exim Mail Server which could be exploited by an attacker to execute arbitrary code, gain elevated privileges and conduct other attacks on a targeted system.

3.       Description

•      These vulnerabilities exist in Exim Mail Server due to integer overflow, out of bounds write, out of bounds read, heap buffer overflow, heap buffer underflow, use after free and other errors in various components.

•     Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code, gain elevated privileges and conduct other attacks on a targeted system.

4.       Solution

          Update to Exim mail server version 4.94.2

https://www.exim.org/mirrors.html

5.       Reference

https://www.cybersecurity-help.cz/vdb/SB2021050419

https://www.zdnet.com/article/security-researchers-found-21-flaws-in-this-widely-used-email-server-so-update-immediately/

6.         Disclaimer             The information provided herein is on “as is” basis, without warranty of any kind