EXIM

Meh, 2017-12-11 Link: https://devco.re/blog/2017/12/11/Exim-RCE-advisory-CVE-2017-16943-en/ On 23 November, 2017, we reported two vulnerabilities to Exim. These bugs exist in the SMTP daemon and attackers do not need to be authenticated, including CVE-2017-16943 for a use-after-free (UAF) vulnerability, which leads to Remote Code Execution (RCE); and CVE-2017-16944 for a Denial-of-Service (DoS) vulnerability. About Exim Exim is a … Read more

Written by Mehdi Talbi, Paul Fariello – 08/10/2019 Link: https://www.synacktiv.com/en/publications/scraps-of-notes-on-exploiting-exim-vulnerabilities In this post we have seen the fundamentals of Exim that are required to successfully exploit a heap overflow. Then, we have shown how we could use them for two different vulnerabilities. Moreover, the techniques used to exploit CVE-2018-6789 may apply to exploit the freshly disclosed heap-based overflow … Read more

May 14, 2021 Adepts of 0xCC Link: https://adepts.of0x.cc/exim-cve-2020-28018/ Introduction Qualys recently released an advisory named “21Nails” with 21 vulnerabilities discovered in Exim, some leading to LPE and RCE. This post will analyze one of those vulnerabilities with CVE ID: CVE-2020-28018. The vulnerability is a Use-After-Free (UAF) vulnerability on tls-openssl.c, that leads to Remote Code Execution. This vulnerability … Read more

Meh, 2018-03-06 Link: https://devco.re/blog/2018/03/06/exim-off-by-one-RCE-exploiting-CVE-2018-6789-en/ Overview We reported an overflow vulnerability in the base64 decode function of Exim on 5 February, 2018, identified as CVE-2018-6789. This bug exists since the first commit of exim, hence ALL versions are affected. According to our research, it can be leveraged to gain Pre-auth Remote Code Execution and at least 400k servers are at risk. Patched version … Read more

May 12, 2026 Federico Kirschbaum, Andres Luksenberg Link: XBOW – Dead.Letter (CVE-2026-45185) How XBOW Found an Unauthenticated RCE on Exim Dear reader, What follows is, before anything else, a story. One of those old, well-worn ones. A story of encounters and misencounters, of broken hearts and quiet betrayals, of loves once thought to be forever … Read more

2021/05/04 Link: qualys.com/2021/05/04/21nails/21nails.txt SummaryWe recently audited central parts of the Exim mail server(https://en.wikipedia.org/wiki/Exim) and discovered 21 vulnerabilities(from CVE-2020-28007 to CVE-2020-28026, plus CVE-2021-27216): 11 localvulnerabilities, and 10 remote vulnerabilities. Unless otherwise noted,all versions of Exim are affected since at least the beginning of itsGit history, in 2004.We have not tried to exploit all of these vulnerabilities, … Read more