At 18:00 GMT on September 6, 2019, Exim released version exim-4.92.2, which fixes CVE-2019-15846. An attacker can use this vulnerability to remotely obtain root privileges. The vulnerability was discovered and reported by Qualys.
360CERT has determined that the vulnerability is serious and that its impact is wide.
0x01 Vulnerability details
When Exim supports TLS, an attacker sends an SNI ending in '\0'. The string_unprinting function then calls string_interpret_escape to process escape sequences, and because string_interpret_escape does not handle the '\0' case, an out-of-bounds read results. Qualys has confirmed that the vulnerability can be exploited remotely to obtain root privileges.
0x02 Affected versions
exim
0x03 Remediation recommendations
Although no exploit is public at present, Qualys has described several key steps in writing one, ultimately using the vulnerability to write to the /etc/passwd file and so gain root privileges remotely. Attackers may write an exploit on that basis. 360CERT recommends that users upgrade to version 4.92.2 immediately.
Download link for version 4.92.2: https://github.com/Exim/exim/releases/tag/exim-4.92.2
If you cannot upgrade immediately, it is recommended to configure the following rules in the ACL that Exim's acl_smtp_mail option refers to:
deny condition = ${if eq{\\}{${substr{-1}{1}{$tls_in_sni}}}}
deny condition = ${if eq{\\}{${substr{-1}{1}{$tls_in_peerdn}}}}
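To check whether a host is upgraded or carries both workaround rules, the following added example (not code from 360CERT or the Exim project) audits the `exim -bV` banner and the configuration text. It assumes acl_smtp_mail names an ACL directly, that each rule sits on one line as shown above, and that a deny placed after an accept should not count; the function names and the sample configuration are constructed for illustration.

```python
import re

FIXED = (4, 92, 2)  # fixed release named in the advisory
VERBS = {"accept", "defer", "deny", "discard", "drop", "require", "warn"}
# Matches either workaround rule exactly as the advisory gives it.
RULE = re.compile(r"\$\{if\s+eq\{\\\\\}\{\$\{substr\{-1\}\{1\}"
                  r"\{\$(tls_in_sni|tls_in_peerdn)\}\}\}\}")

def version_tuple(banner):
    """Parse the first line of `exim -bV` ('Exim version 4.92.1 #2 built ...')."""
    m = re.search(r"Exim version (\d+(?:\.\d+)*)", banner)
    if not m:
        raise ValueError("no Exim version found")
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def mail_acl_body(config):
    """Statements of the ACL that acl_smtp_mail names (assumes a plain name)."""
    m = re.search(r"^\s*acl_smtp_mail\s*=\s*(\S+)", config, re.M)
    body, inside = [], False
    for s in map(str.strip, config.splitlines()):
        if re.fullmatch(r"\w+:", s) or s.lower().startswith("begin "):
            inside = bool(m) and s == m.group(1) + ":"  # enter only that ACL
        elif inside and s and not s.startswith("#"):
            body.append(s)
    return body

def mitigated(config):
    """True if both deny rules precede the first accept (conservative check)."""
    seen, verb = set(), None
    for s in mail_acl_body(config):
        verb = s.split()[0] if s.split()[0] in VERBS else verb
        if verb == "accept":
            break
        if verb == "deny":
            seen.update(RULE.findall(s))
    return seen == {"tls_in_sni", "tls_in_peerdn"}

def audit(banner, config):
    if version_tuple(banner) >= FIXED:
        return "patched"
    return "mitigated" if mitigated(config) else "exposed"
# Constructed sample configuration (not taken from a real host).
SAMPLE = r"""acl_smtp_mail = acl_check_mail
begin acl
acl_check_mail:
  deny condition = ${if eq{\\}{${substr{-1}{1}{$tls_in_sni}}}}
  deny condition = ${if eq{\\}{${substr{-1}{1}{$tls_in_peerdn}}}}
  accept
"""
```

A result of "mitigated" means only that the workaround is in place; the upgrade to 4.92.2 remains the fix.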
0x04 Timeline
2019-09-06 Exim releases a new version that fixes the vulnerability
2019-09-06 360CERT issues a warning
0x05 Reference links
https://github.com/Exim/exim