Threat Level: green Handler on Duty: Renato Marinho

SANS ISC: InfoSec Handlers Diary Blog - Exim Remote Code Exploit InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Exim Remote Code Exploit

Published: 2017-11-25
Last Updated: 2017-11-25 18:30:58 UTC
by Guy Bruneau (Version: 1)
0 comment(s)

A use-after-free(UAF) vulnerability has been found in Exim version 4.88 and 4.89 which could lead to the execution of arbitrary code or DoS. The patch has been made available today and is available for download here.

[1] https://bugs.exim.org/show_bug.cgi?id=2199
[2] https://git.exim.org/exim.git/commitdiff/4e6ae6235c68de243b1c2419027472d7659aa2b4
[3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-16943

-----------
Guy Bruneau IPSS Inc.
Twitter: GuyBruneau
gbruneau at isc dot sans dot edu

0 comment(s)
Diary Archives