Only two weeks ago, the software's maintainers issued an alert about a potentially dangerous flaw identified as CVE-2019-16928, which was given the same critical rating. The follow-up is described as affecting all versions of Exim from 4.92 to 4.92.2 inclusive: a heap-based buffer overflow in string_vformat (string.c). The currently known exploit uses an extraordinarily long EHLO string to crash the Exim process that receives the message.

The "currently known exploit" refers to a proof of concept devised by the QAX A-Team, which reported the flaw. At the very least this could lead to a denial-of-service crash in the software but, more worryingly, it could also lead to remote code execution. The flaw isn't yet being targeted in the wild, but there is a danger that this is only a matter of time, since it appears relatively simple to exploit.

It's not as if there aren't enough Exim mail transfer agents to target: Shodan estimates that around 3.5 million are running the vulnerable versions, and Exim runs on over half of the email servers on the internet.

Fixing the issue was easy enough, Exim developer Jeremy Harris wrote: "It's a simple coding error, not growing a string by enough. One-line fix." However, the bug cannot be mitigated, so the patched version, 4.92.3, should be applied as quickly as possible.
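A quick way to check a server against the affected range (4.92 to 4.92.2) and the fixed release (4.92.3) given above. This is an added example, not code from the article or the Exim project; the function names and the sample `exim -bV` line are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify an Exim version against CVE-2019-16928.
# Range used: affected 4.92 through 4.92.2, fixed in 4.92.3 (from the article).

# Pull the upstream version out of the first line of `exim -bV` output,
# which looks like: "Exim version 4.92.2 #3 built 10-Sep-2019 12:00:00".
exim_version_from_bv() {
    printf '%s\n' "$1" | sed -n '1s/^Exim version \([0-9][0-9.]*\).*/\1/p'
}

# Print "affected", "not-affected" or "unknown" for a dotted version string.
# "not-affected" refers to this CVE only; older releases have other flaws.
cve_2019_16928_status() {
    ver=$1
    case $ver in
        ''|*[!0-9.]*) echo unknown; return 0 ;;   # empty or non-numeric input
    esac
    old_ifs=$IFS; IFS=.
    set -- $ver                                   # split on dots
    IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}   # "4.92" means patch level 0
    if [ "$major" -eq 4 ] && [ "$minor" -eq 92 ] && [ "$patch" -le 2 ]; then
        echo affected
    else
        echo not-affected
    fi
}

# Constructed sample input, so the script runs without Exim installed.
sample='Exim version 4.92.2 #3 built 10-Sep-2019 12:00:00'
echo "sample: $(cve_2019_16928_status "$(exim_version_from_bv "$sample")")"

# On a real host, check the installed binary if one is on the PATH.
if command -v exim >/dev/null 2>&1; then
    local_ver=$(exim_version_from_bv "$(exim -bV 2>/dev/null)")
    echo "local ($local_ver): $(cve_2019_16928_status "$local_ver")"
fi
```

Distribution packages may backport the fix without changing the upstream version number, so an "affected" result on a packaged install should be confirmed against the vendor's security tracker.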

# Keeping up

Exim has been in the wars lately. In addition to this week's CVE-2019-16928 and CVE-2019-15846, July saw another RCE under CVE-2019-13917, which came just weeks after the remote command execution flaw CVE-2019-10149. All unpatched flaws are significant but, with Exim's history of being targeted by attackers, these are perhaps more critical than most: attacks aimed at CVE-2019-10149, for example, were identified within a week of the flaw becoming public knowledge. Earlier this year, Exim admins were urged to hurry up and patch CVE-2018-6789, a February flaw that had not been patched on at least half a million servers weeks later.