Critical Zero-Day Alert: Fatal RCE flaw in Exim Internet Mailer

Summary  

CVE-2023-42115, a CVSS 3.1: 9.8 rated critical vulnerability affects Exim Internet Mailer, a message transfer agent used with Unix systems connected to the internet. It is described as an AUTH out-of-bounds write remote code execution vulnerability.

Impact Assessment

CVE-2023-42115 is an immense security risk to any organization using Exim as a part of their email service. According to the Zero Day Initiative, the flaw exists in the SMTP service. It is the result of a lack of proper validation of user-supplied data which can result in a write past the end of a buffer. This can allow a remote attacker to execute arbitrary code on any affected installations of Exim without the use of any authentication.

What It Means for You  

This vulnerability is extremely potent for attackers, has low attack complexity, and affects software which is critical for day-to-day operations. If this vulnerability is exploited on your network, execution of arbitrary code can occur which can result in loss of email services to end users, compromised email server(s), installation of malware, and data loss.

Remediation

1. Patch: The patch available for this zero-day vulnerability is version 4.96.1 of Exim Internet Mailer.
2. Mitigate: This vulnerability affects EXTERNAL authentication within Exim Internet Mailer. The workaround for this vulnerability is to not use an EXTERNAL authentication method. Switch to an alternative authentication method.

Business Implications

Failure to remediate this vulnerability could be disastrous for any organization. A data breach, monetary loss, business slowdowns, and a sullied reputation are what awaits an organization that does not address this vulnerability promptly.

Access Point Recommendations

1. Patch this software to the latest version and ensure that your SMTP email server is hardened against any attackers.
2. Use access control with Exim software, as recommended in the Exim documentation, to reduce the impact of this vulnerability because the account run by the server will have reduced privileges.
3. Review documentation associated with the Exim software. Several security considerations and authentication methods must be reviewed by your organization and applied for the remediation to be successful.

Associated Bulletins

https://www.exim.org/exim-html-current/doc/html/spec_html/ch-security_considerations.html

https://www.exim.org/exim-html-current/doc/html/spec_html/ch-the_external_authenticator.html

https://exim.org/

https://ubuntu.com/security/CVE-2023-42115

https://security-tracker.debian.org/tracker/CVE-2023-42115

https://www.openwall.com/lists/oss-security/2023/10/01/4

https://www.openwall.com/lists/oss-security/2023/09/29/5

https://www.openwall.com/lists/oss-security/2023/10/02/3

https://www.zerodayinitiative.com/advisories/ZDI-23-1469/

https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?calculator&version=3.0&vector=(AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

https://security-tracker.debian.org/tracker/source-package/exim4