Exim Internet Mailer is vulnerable to RCE and DoS bugs

Version: 1.0
Affected software: Exim v4.88 & v4.89
Type: Remote Code Execution, Denial of Service

Sources

Remote Code Execution:
- https://bugs.exim.org/show_bug.cgi?id=2199
- https://nvd.nist.gov/vuln/detail/CVE-2017-16943
Denial of Service:
- https://bugs.exim.org/show_bug.cgi?id=2201
- https://nvd.nist.gov/vuln/detail/CVE-2017-16944

Changelog: https://github.com/Exim/exim/blob/master/doc/doc-txt/ChangeLog
Fixed version: Exim version 4.90 (RC2 at the moment of writing).
https://github.com/Exim/exim/releases/tag/exim-4_90_RC2

Risks

Both bugs are in the Exim SMTP daemon's handling of the BDAT command, which belongs to the ESMTP CHUNKING extension (RFC 3030) that Exim advertises by default since 4.88 (the first release to support it, which is why only 4.88 and 4.89 are affected). CVE-2017-16943 is a use-after-free that lets a remote attacker execute arbitrary code in the context of the Exim process; CVE-2017-16944 lets a remote attacker hang or crash the daemon (infinite loop and stack exhaustion) and so deny service. The vulnerable code path is reachable by any client that can reach the SMTP listener and is accepted to the point of sending message data, so an Internet-facing MX is exposed without any authentication.

Summary

Exim is an open source mail transfer agent (MTA) developed at the University of Cambridge for Unix-like operating systems such as Linux, macOS or Solaris; it is responsible for routing, delivering and receiving email messages. A security researcher discovered two vulnerabilities in the software. The CVEs and their impact are as follows:
- CVE-2017-16943 : Remote Code Execution (use-after-free in BDAT handling)
- CVE-2017-16944 : Denial of Service (infinite loop and stack exhaustion in BDAT handling)

Recommended Action

If Exim 4.88 or 4.89 is installed, upgrade immediately to version 4.90 (RC2 or later). Where the upgrade cannot be applied at once, disable the CHUNKING extension as a workaround by setting chunking_advertise_hosts to an empty value in the Exim configuration and restarting the daemon; the server then no longer advertises CHUNKING in its EHLO response and rejects BDAT, which removes the code path both bugs live in. Verify the result by connecting to port 25, sending EHLO and confirming that 250-CHUNKING is absent from the reply.
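The following script is an added example, not part of the original advisory or of the Exim project. It performs the two checks a practitioner would want when triaging hosts: it parses the Exim version out of the 220 banner (assuming Exim's default smtp_banner format, with release candidates shown as e.g. "4.90_RC2") and it looks for the CHUNKING keyword in the EHLO reply, which is what makes BDAT, and therefore both CVEs, reachable. The sample banner and EHLO lines are constructed, not captured from a real host; the probe() function does a live check over the network and is the only part that needs connectivity.

```python
import re
import socket

# Constructed sample responses for offline use; not captured from a real host.
SAMPLE_BANNER = "220 mx.example.test ESMTP Exim 4.89 Tue, 28 Nov 2017 10:00:00 +0000"
SAMPLE_EHLO = [
    "250-mx.example.test Hello scanner [192.0.2.10]",
    "250-SIZE 52428800",
    "250-8BITMIME",
    "250-PIPELINING",
    "250-CHUNKING",
    "250 HELP",
]

# Exim's default banner is "$smtp_active_hostname ESMTP Exim $version_number $tod_full".
# Release candidates are assumed to appear as "4.90_RC2" (assumption, see lead-in).
VERSION_RE = re.compile(r"\bExim (\d+)\.(\d+)(?:_RC(\d+))?")


def parse_exim_version(banner):
    """Return (major, minor, rc_or_None) from a 220 banner, or None when the
    banner does not reveal an Exim version (smtp_banner may be customised)."""
    m = VERSION_RE.search(banner)
    if not m:
        return None
    rc = m.group(3)
    return (int(m.group(1)), int(m.group(2)), int(rc) if rc else None)


def version_is_vulnerable(version):
    """True for 4.88, 4.89 and 4.90 RC1 (the advisory names 4.90 RC2 as fixed);
    None when the version is unknown, so an unknown host is never reported clean."""
    if version is None:
        return None
    major, minor, rc = version
    if (major, minor) in {(4, 88), (4, 89)}:
        return True
    if (major, minor) == (4, 90) and rc is not None and rc < 2:
        return True
    return False


def advertises_chunking(ehlo_lines):
    """True if the EHLO reply lists the CHUNKING keyword, i.e. BDAT is accepted."""
    for line in ehlo_lines:
        if not line.startswith("250") or len(line) < 5:
            continue
        words = line[4:].split()          # skip "250-" / "250 ", keyword is first word
        if words and words[0].upper() == "CHUNKING":
            return True
    return False


def assess(banner, ehlo_lines):
    """Combine both checks. 'exposed' is True only when a vulnerable version is
    confirmed AND CHUNKING is advertised; an unknown version yields None, not False."""
    version = parse_exim_version(banner)
    vuln = version_is_vulnerable(version)
    chunking = advertises_chunking(ehlo_lines)
    exposed = None if vuln is None else (vuln and chunking)
    return {"version": version, "vulnerable_version": vuln,
            "chunking": chunking, "exposed": exposed}


def _read_reply(sock_file):
    """Read one (possibly multi-line) SMTP reply: continuation lines carry '-'
    after the three-digit code, the final line carries a space."""
    lines = []
    while True:
        line = sock_file.readline().rstrip("\r\n")
        if not line:                      # EOF: peer closed the connection
            break
        lines.append(line)
        if len(line) < 4 or line[3] == " ":
            break
    return lines


def probe(host, port=25, timeout=10, helo_name="scanner.example.test"):
    """Live check: read the banner, send EHLO and QUIT, return assess()'s result.
    Requires network access; the offline sample below does not call it."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        f = sock.makefile("r", encoding="ascii", errors="replace")
        banner = " ".join(_read_reply(f))
        sock.sendall(("EHLO %s\r\n" % helo_name).encode("ascii"))
        ehlo = _read_reply(f)
        sock.sendall(b"QUIT\r\n")
    return assess(banner, ehlo)


if __name__ == "__main__":
    print(assess(SAMPLE_BANNER, SAMPLE_EHLO))
```

Treat an "exposed" value of None (version not visible in the banner) as "check the package version on the host", not as a clean result: a customised smtp_banner hides the version but does nothing to the BDAT code path. After applying the chunking_advertise_hosts workaround, re-running probe() against the host should report "chunking": False.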