CVE-2019-16928: Exploiting an Exim Vulnerability via EHLO Strings

by Ashish Verma


In September, security researchers from the QAX-A-Team discovered CVE-2019-16928, a vulnerability in the mail transfer agent Exim. Exim accounts for over 50% of publicly reachable mail servers on the internet. What makes the bug particularly noteworthy is that threat actors could exploit it to perform denial of service (DoS) or possibly even remote code execution (RCE) attacks — making it a serious concern for Exim users running vulnerable versions of the software.


The flaw exists in the following Exim versions (earlier versions are not affected):

4.92
4.92.1
4.92.2

In this entry, we explain how CVE-2019-16928 can be exploited: specifically, how a heap-based buffer overflow in the Exim process can be used to take control of its execution.


The heap overflow


During execution, a program's local variables are stored in an area of memory called the stack, which holds the local variables created by each function. Memory that the program allocates and frees dynamically at runtime, on the other hand, lives in another area of memory called the heap.


A local pointer variable refers to its value in the heap; that is, it holds the memory address of the heap block containing the value. When a string longer than the block's allocated size is written into it, the write runs past the end of the block and overwrites the contents of the subsequent memory blocks in the heap. Figure 1 depicts this execution flow.
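As an added illustration of the bounded-versus-unbounded copy described above (example code, not Exim's own; the 255-byte block size and the minimal EHLO parsing are assumptions for this example), a C handler that checks the argument length before copying it into a fixed-size heap block:

```c
#include <stdlib.h>
#include <string.h>

/* Size of the fixed heap block an EHLO argument is copied into.
 * Assumed for this example; it is not Exim's own limit. */
#define EHLO_ARG_MAX 255

/* Length of the argument of an "EHLO <host>" line (0 if not an EHLO command).
 * The command match is case-sensitive to keep the example short. */
size_t ehlo_arg_len(const char *line) {
    if (strncmp(line, "EHLO ", 5) != 0) return 0;
    return strcspn(line + 5, "\r\n");    /* argument ends at CR or LF */
}

/* Unsafe pattern (shown only, never called): an unbounded copy into the
 * fixed block writes past its end when the argument is longer than the
 * block, clobbering whatever the allocator placed after it on the heap.
 *
 *     char *buf = malloc(EHLO_ARG_MAX + 1);
 *     strcpy(buf, line + 5);            // no length check
 */

/* Hardened: check the length BEFORE copying and reject oversized input. */
char *ehlo_argument(const char *line) {
    size_t len = ehlo_arg_len(line);
    if (len == 0 || len > EHLO_ARG_MAX) return NULL;   /* reject, never overflow */
    char *buf = malloc(EHLO_ARG_MAX + 1);
    if (buf == NULL) return NULL;
    memcpy(buf, line + 5, len);
    buf[len] = '\0';
    return buf;
}

/* Constructed sample input: "EHLO " followed by n bytes of 'A' and CRLF. */
static char *make_ehlo_line(size_t n) {
    char *line = malloc(5 + n + 3);
    if (line == NULL) return NULL;
    memcpy(line, "EHLO ", 5);
    memset(line + 5, 'A', n);
    memcpy(line + 5 + n, "\r\n", 3);     /* copies the terminating NUL too */
    return line;
}

/* 1 if an EHLO line with an n-byte argument is accepted, 0 if rejected. */
int ehlo_accepted_n(size_t n) {
    char *line = make_ehlo_line(n);
    if (line == NULL) return 0;
    char *arg = ehlo_argument(line);
    int accepted = (arg != NULL);
    free(arg);
    free(line);
    return accepted;
}
```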



Figure 1. Memory re ..
