Written by Mehdi Talbi, Paul Fariello – 08/10/2019
Link: https://www.synacktiv.com/en/publications/scraps-of-notes-on-exploiting-exim-vulnerabilities
In this post we have seen the fundamentals of Exim that are required to successfully exploit a heap overflow. Then, we have shown how we could use them for two different vulnerabilities.
Moreover, the techniques used to exploit CVE-2018-6789 may apply to exploit the freshly disclosed heap-based overflow CVE-2019-16928 that is triggered by sending a long HELO command.
Our PoCs are both available on our GitHub. Feel free to drop us an e-mail if you have used a different approach to exploit these vulnerabilities.