Exim Multiple Vulnerabilities
Multiple vulnerabilities were identified in Exim. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution and sensitive information disclosure on the targeted system.
[Updated on 2023-10-03]
For CVE-2023-42117, CVE-2023-42118, and CVE-2023-42119, a fix is not yet available.
Exim has released mitigations for these vulnerabilities:
- CVE-2023-42117: Do not use Exim behind an untrusted proxy-protocol proxy.
- CVE-2023-42118: Do not use the ‘spf’ condition in your ACL.
- CVE-2023-42119: Use a trustworthy DNS resolver which is able to validate the data according to the DNS record types.
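The mitigations for CVE-2023-42117 and CVE-2023-42118 concern settings that are visible in the Exim configuration, so they can be checked mechanically. The following is an added example, not part of the original advisory or of Exim's own tooling: a shell function, `audit_exim_config` (hypothetical name), that scans configuration text for a non-empty `hosts_proxy` main option (Exim's proxy-protocol host list) and for `spf` / `spf_guess` ACL conditions. The sample configuration is constructed, and the CVE-2023-42119 resolver mitigation is outside what the Exim configuration shows.

```shell
#!/bin/sh
# Added example, not from the advisory: audit Exim configuration text for the
# settings named in the CVE-2023-42117 and CVE-2023-42118 mitigations.
# On a live host, `exim -bP config > FILE` produces suitable input.
audit_exim_config() {
    awk '
    BEGIN { section = "main" }               # options before the first "begin"
    { sub(/\r$/, "") }
    /^[ \t]*#/ { next }                      # skip whole-line comments
    /\\[ \t]*$/ {                            # trailing backslash: continuation
        sub(/\\[ \t]*$/, ""); buf = buf $0; next
    }
    {                                        # build one normalised logical line
        line = buf $0; buf = ""
        gsub(/[ \t]+/, " ", line); sub(/^ /, "", line); sub(/ $/, "", line)
    }
    line ~ /^begin / { section = tolower(substr(line, 7)); next }
    section == "main" && line ~ /^hosts_proxy ?=/ {
        val = line; sub(/^[^=]*= ?/, "", val)
        if (val == "") next                  # empty host list matches nothing
        note = "confirm every listed proxy is trusted"
        if (val == "*") note = "any connecting host is treated as a proxy"
        print "CVE-2023-42117: hosts_proxy = " val " (" note ")"
    }
    # ACL condition "spf" or "spf_guess"; "$spf_result" and similar do not match.
    section == "acl" && (" " line) ~ /[ !]spf(_guess)? ?=/ {
        print "CVE-2023-42118: spf condition in ACL, input line " NR ": " line
    }' "$1"
}

# Constructed sample configuration (not taken from a real host).
write_sample_config() {
    cat > "$1" <<'EOF'
# main section
hosts_proxy = 192.0.2.10 : \
              192.0.2.11
begin acl
acl_check_rcpt:
  deny    message = SPF check failed
          spf = fail
  # spf = softfail
  warn    condition = ${if eq{$spf_result}{pass}}
  accept
begin routers
EOF
}

tmp=$(mktemp) && write_sample_config "$tmp" && audit_exim_config "$tmp"
rm -f "$tmp"
```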
RISK: High Risk
TYPE: Security software and application – Security Software & Appliance
Impact
- Remote Code Execution
- Information Disclosure
System / Technologies affected
- Exim versions prior to 04107e98d, 4.96.1, 4.97
Solutions
Before installing the software, please visit the vendor website for more details.
- Update to version 04107e98d, 4.96.1, 4.97
Vulnerability Identifier
Source
Related Link
- https://www.exim.org/static/doc/security/CVE-2023-zdi.txt
- https://www.zerodayinitiative.com/advisories/ZDI-23-1468/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1469/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1470/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1471/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1472/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1473/