exim remote code execution

Top Page
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: der.hans via PLUG-discuss
To: quatsch
CC: der.hans
Subject: exim remote code execution
moin moin,


An issue was discovered in the base64d function in the SMTP listener in
Exim before 4.90.1. By sending a handcrafted message, a buffer overflow
may happen. This can be used to execute code remotely.

Exim might be your default mail daemon (MTA) and might be installed due to
package dependencies. Default should have it only listening to localhost,
so this issue would not be exploitable unless the attacker is already on
your machine.

You can see if you even have a mail daemon running by checking to see if
you have something listening on port 25.

$ ss -tln | grep :25
LISTEN    0         20          * 
LISTEN    0         20                   [::1]:25                  [::]:* 

Those are only listening on localhost ( and not exim ), so wouldn't be
exploitable even if this box was directly connected to the Internet.

If you have or a non-localhost IP while running exim make sure
you've updated recently.

check for exim on debian-based systems:

dpkg -l | grep exim

check for exim on rpm-based systems:

rpm -qa | grep exim


# https://www.LuftHans.com https://www.PhxLinux.org
# Nobody grows old merely by living a number of years.
# We grow old by deserting our ideals.
# Years may wrinkle the skin, but to give up enthusiasm
# wrinkles the soul. -- Samuel Ullman
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings: