Original Release Date: 10/4/2023
This Multi-State Information Sharing and Analysis Center (MS-ISAC) Advisory addresses a vulnerability discovered in EXIM, which could allow for arbitrary code execution. Exim is a mail transfer agent (MTA) for hosts that are running Unix or Unix-like operating systems. Successful exploitation of this vulnerability could allow for arbitrary code execution in the context of the service account. An unauthenticated attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Threat Intelligence
While there have been no reported exploits, this is a zero-day vulnerability.
Systems Affected
- EXIM version 4.96 or prior.
Risk
Government:
- Large and medium government entities: High
- Small government entities: Medium
Businesses:
- Large and medium business entities: High
- Small business entities: Medium
Home Users: Low
Technical Summary
A vulnerability has been discovered in EXIM which could allow for arbitrary code execution.
Recommendations
- Apply appropriate updates provided by EXIM to vulnerable systems immediately after appropriate testing.
- Apply the Principle of Least Privilege to all systems and services. Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
- Block execution of code on a system through application control and/or script blocking.
- Remove or deny access to unnecessary and potentially vulnerable software to prevent abuse by adversaries.
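To find the hosts that the first recommendation applies to, the following added example (not part of the original advisory or of Exim) classifies the version banner printed by `exim -bV` against the affected range given under Systems Affected. The helper names and the sample banners are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify an Exim banner against the advisory's affected range.
# Assumption: upstream version numbering. Distribution packages may carry a
# backported fix under an unchanged upstream version, so confirm a match
# against the vendor's package changelog.

AFFECTED_MAX="4.96"   # from "Systems Affected": version 4.96 or prior

# Pull the version out of the first line of `exim -bV` output,
# e.g. "Exim version 4.96 #2 built ..." -> "4.96".
exim_version_from_banner() {
    printf '%s\n' "$1" | sed -n '1s/^Exim version \([0-9][0-9.]*\).*/\1/p'
}

# Succeed if version $1 <= version $2, comparing dot-separated fields
# numerically; missing fields count as 0, so 4.96 sorts before 4.96.1.
version_le() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi < yi) exit 0
            if (xi > yi) exit 1
        }
        exit 0
    }'
}

# Print "affected <v>", "not-in-range <v>" or "unknown" for a banner string.
classify_exim() {
    v=$(exim_version_from_banner "$1")
    if [ -z "$v" ]; then echo "unknown"; return 0; fi
    if version_le "$v" "$AFFECTED_MAX"; then
        echo "affected $v"
    else
        echo "not-in-range $v"
    fi
}

# Constructed sample banners; on a host, pass "$(exim -bV 2>/dev/null)" instead.
for banner in "Exim version 4.94.2 #2 built 01-Jan-2022 00:00:00" \
              "Exim version 4.96 #2 built 01-Jan-2023 00:00:00" \
              "Exim version 4.96.1 #2 built 01-Jan-2024 00:00:00" \
              "not an exim banner"; do
    printf '%s => %s\n' "$banner" "$(classify_exim "$banner")"
done
```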
References
ZDI:
https://www.zerodayinitiative.com/advisories/ZDI-23-1469/
CVE:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42115