⚠ Actively exploited in ransomware campaigns
This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply updates per vendor instructions. Due date: 2022-05-03.

Severity: 9.8 CRITICAL (NVD)
EPSS: 86.4% (top 0.59%)
CISA KEV: KEV, Ransomware; added 2021-11-03; due 2022-05-03
Exploit: Exploited in wild; active exploitation observed
Timeline: Published Feb 8; KEV added Nov 3; KEV due May 3; Latest update May 13
CISA Required Action: Apply updates per vendor instructions.

Description

An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (2 packages)

NVD: exim/exim < 4.90.1
Debian: debian/exim4 < exim4 4.90.1-1 (bookworm)

Also affects: Debian Linux 7.0, 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 17.10

Patches

🔴 Vulnerability Details (4)

GHSA: GHSA-868p-wr6f-7jfr: An issue was discovered in the base64d function in the SMTP listener in Exim before 4… (2022-05-13)
CVEList: CVE-2018-6789: An issue was discovered in the base64d function in the SMTP listener in Exim before 4… (2018-02-08)
OSV: CVE-2018-6789: An issue was discovered in the base64d function in the SMTP listener in Exim before 4… (2018-02-08)
VulnCheck: Exim Buffer Overflow Vulnerability (2018)

💥 Exploits & PoCs (2)

Exploit-DB: exim 4.90 - Remote Code Execution (2018-10-24)
Exploit-DB: Exim < 4.90.1 - 'base64d' Remote Code Execution (2018-05-02)

🔍 Detection Rules (2)

Suricata: ET EXPLOIT Exim Internet Mailer Remote Code Execution (2018-07-09)
Suricata: ET EXPLOIT [PT Security] Exim <4.90.1 Base64 Overflow RCE (CVE-2018-6789) (2018-03-13)

📋 Vendor Advisories (4)

CISA: Exim Buffer Overflow Vulnerability (2021-11-03)
Ubuntu: Exim vulnerability (2018-02-12)
Red Hat: exim: buffer overflow in b64decode() function, possibly leading to remote code execution (2018-02-07)
Debian: CVE-2018-6789: exim4 - An issue was discovered in the base64d function in the SMTP listener in Exim bef... (2018)

🕵️ Threat Intelligence (14)

Qualys: Managing CISA Known Exploited Vulnerabilities with Qualys VMDR | Qualys (2022-02-23)
Trendmicro: Manage Zero Day Exploits (ZDI) with Trend Micro Solutions (2021-04-28)

💬 Community (5)

HackerOne: Exim off-by-one RCE vulnerability (2019-09-26)
Bugzilla: BLRG-PT-18-004: Off-By-One Write in SECU_FilePasswd() (2018-06-13)
Bugzilla: CVE-2018-6789 exim: Buffer overflow in utility function, when pre-conditions are met, can lead to remote code execution [fedora-all] (2018-02-08)
Bugzilla: CVE-2018-6789 exim: Buffer overflow in utility function, when pre-conditions are met, can lead to remote code execution [epel-all] (2018-02-08)
Bugzilla: CVE-2018-6789 exim: buffer overflow in b64decode() function, possibly leading to remote code execution (2018-02-08)