CVE-2018-6789

high KEV

Published 2021-11-03 · Modified 2021-11-03

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

—

CVSS v4 NEW

—

not yet in upstream

VIR risk

10.0

Description

Exim contains a buffer overflow vulnerability in the base64d function part of the SMTP listener that may allow for remote code execution.

CISA KEV

Vendor: Exim
Product: Exim
Due date: 2022-05-03

Predictions

Exploit likelihood

99%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Mitigation details

Source: Debian Security Tracker · View original ↗ · DFSG

CVE-2018-6789 NameCVE-2018-6789 DescriptionAn issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely. SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search,…

CVE-2018-6789

Name	CVE-2018-6789
Description	An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely.
Source	CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DLA-1274-1, DSA-4110-1
Debian Bugs	890000

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
exim4 (PTS)	bullseye	4.94.2-7+deb11u3	fixed
	bullseye (security)	4.94.2-7+deb11u5	fixed
	bookworm	4.96-15+deb12u9	fixed
	bookworm (security)	4.96-15+deb12u10	fixed
	trixie	4.98.2-1+deb13u2	fixed
	trixie (security)	4.98.2-1+deb13u3	fixed
	forky	4.99.3-1	fixed
	sid	4.99.3-2	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Origin	Debian Bugs
exim4	source	wheezy	4.80-7+deb7u6	DLA-1274-1
exim4	source	jessie	4.84.2-2+deb8u5	DSA-4110-1
exim4	source	stretch	4.89-2+deb9u3	DSA-4110-1
exim4	source	(unstable)	4.90.1-1		890000

Notes

https://www.openwall.com/lists/oss-security/2018/02/07/2
https://exim.org/static/doc/security/CVE-2018-6789.txt
https://bugs.exim.org/show_bug.cgi?id=2235
https://git.exim.org/exim.git/commit/062990cc1b2f9e5d82a413b53c8f0569075de700

Home - Debian Security - Source (Git)

Apply commands

text fix

Notes

https://www.openwall.com/lists/oss-security/2018/02/07/2https://exim.org/static/doc/security/CVE-2018-6789.txthttps://bugs.exim.org/show_bug.cgi?id=2235https://git.exim.org/exim.git/commit/062990cc1b2f9e5d82a413b53c8f0569075de700

Exploits

Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.

Exploit-DB

EDB-45671 remote linux

hackk.gr · 2018-10-24

exim 4.90 - Remote Code Execution

Source code queued for fetch — refresh in a moment.

EDB-44571 remote linux

straight_blast · 2018-05-02

Exim < 4.90.1 - 'base64d' Remote Code Execution

Source code queued for fetch — refresh in a moment.

OS impact

Arch Fixed 1 release

Version	Status	Fixed in
—	Fixed	`4.90.1-1`

Debian Fixed 5 releases

Version	Status	Fixed in
trixie	Fixed	`4.90.1-1`
sid	Fixed	`4.90.1-1`
forky	Fixed	`4.90.1-1`
bullseye	Fixed	`4.90.1-1`
bookworm	Fixed	`4.90.1-1`

References

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.