Stop us if you've heard this one before: Yet another critical flaw threatens Exim servers

Remote code flaw sparks calls for major updates


Admins of Linux and Unix boxes running Exim would be well-advised to update the software following the disclosure of another critical security flaw.


The Exim 4.92.3 patch, released on September 28th, includes the fix for CVE-2019-16928.


Discovered by bug-hunters with the QAX A-Team, the vulnerability is a buffer overflow that occurs when Exim processes an extremely long string in an Extended HELO (EHLO) command, the greeting defined by the Extended Simple Mail Transfer Protocol (ESMTP).
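As an added illustration (this is not Exim's code and not from the article), a bounded EHLO parser in C that checks the argument length before copying it, together with a scan over a constructed SMTP session that counts over-long EHLO commands for alerting; the 255-octet cap is the RFC 5321 domain limit and is an assumption here, since Exim's internal buffer sizes are not stated.

```c
#include <stddef.h>
#include <string.h>
#include <strings.h>

/* RFC 5321 caps a domain, which is what EHLO carries, at 255 octets. That is the
 * limit assumed here; Exim's own buffer sizes are not given in the article. */
#define EHLO_ARG_MAX 255

enum ehlo_result { EHLO_OK = 0, EHLO_NOT_EHLO = -1, EHLO_EMPTY = -2, EHLO_TOO_LONG = -3 };

/* Copy the EHLO argument from one SMTP command line into out (capacity outlen).
 * The length is checked before anything is written, so an over-long argument,
 * the input class behind CVE-2019-16928, is rejected instead of overrunning out. */
int parse_ehlo(const char *line, char *out, size_t outlen)
{
    if (outlen == 0) return EHLO_TOO_LONG;
    if (strncasecmp(line, "EHLO", 4) != 0 || line[4] != ' ') return EHLO_NOT_EHLO;
    const char *arg = line + 5;
    while (*arg == ' ') arg++;
    size_t n = 0;
    while (arg[n] != '\0' && arg[n] != '\r' && arg[n] != '\n') {
        n++;
        /* stop counting as soon as the argument can no longer fit */
        if (n > EHLO_ARG_MAX || n >= outlen) return EHLO_TOO_LONG;
    }
    if (n == 0) return EHLO_EMPTY;
    memcpy(out, arg, n);
    out[n] = '\0';
    return EHLO_OK;
}

/* Convenience wrapper: classify one line using a correctly sized scratch buffer. */
int ehlo_status(const char *line)
{
    char buf[EHLO_ARG_MAX + 1];
    return parse_ehlo(line, buf, sizeof buf);
}

/* Scan a constructed SMTP session (the lines below are made up for this example)
 * and return how many EHLO commands exceeded the limit; a monitor would alert on > 0. */
int count_overlong_ehlo(void)
{
    static char longline[4096];
    memcpy(longline, "EHLO ", 5);          /* "EHLO " followed by 4000 'A's: */
    memset(longline + 5, 'A', 4000);       /* the over-long string the article describes */
    memcpy(longline + 4005, "\r\n", 3);
    const char *session[] = { "EHLO mx1.example.test\r\n", "MAIL FROM:<a@example.test>\r\n",
                              longline, "QUIT\r\n" };
    int hits = 0;
    for (size_t i = 0; i < sizeof session / sizeof session[0]; i++)
        if (ehlo_status(session[i]) == EHLO_TOO_LONG) hits++;
    return hits;
}
```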


In practice, an attacker could embed an exploit in the EHLO message and remotely trigger the bug to take control of the targeted server. So far, no active attacks ..
