Six new zero-day vulnerabilities in the Exim Message Transfer Agent have been reported through the Zero Day Initiative. These vulnerabilities were discovered in June 2022 but were not disclosed until now, as Exim did not fix them.
Although the vulnerabilities have now been published, only three of the six have been fixed: one critical-severity (9.8), one high-severity (8.1), and one low-severity (3.7) vulnerability.
The most severe of the six reported vulnerabilities was CVE-2023-42115, an out-of-bounds write in Exim AUTH that results in remote code execution. It has a severity of 9.8 (Critical) and has been fixed by Exim.
The high-severity vulnerability fixed by Exim was CVE-2023-42116, a stack-based buffer overflow that exists due to improper validation in the handling of NTLM challenge requests and results in remote code execution. This vulnerability has a severity of 8.1 (High).
The low-severity vulnerability that was fixed was CVE-2023-42114, an out-of-bounds read leading to information disclosure. Its severity was 3.7 (Low).
Three of the zero-days have not yet been fixed by Exim: two high-severity vulnerabilities and one low-severity vulnerability. The two high-severity vulnerabilities were CVE-2023-42117 (8.1) and CVE-2023-42118 (7.8), and the low-severity vulnerability was CVE-2023-42119 (3.1).
CVE-2023-42117 was an Exim proxy vulnerability that existed due to the use of an untrusted proxy server, whereas CVE-2023-42118 was associated with the “SPF” condition used in an ACL. CVE-2023-42119 was another out-of-bounds read information disclosure vulnerability, this one in the Exim dnsdb.
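As an added triage example (not from the original article or from the Exim project), the Python check below scans an Exim configuration for the features the article ties to CVE-2023-42116 through CVE-2023-42119. The directive patterns (`driver = spa`, `hosts_proxy`, `spf =`, `dnsdb`) are Exim configuration syntax assumed here, and the sample configuration is constructed.

```python
import re

# Constructed sample configuration (not from the article), in Exim's config syntax.
SAMPLE_CONFIG = """\
hosts_proxy = 10.0.0.0/8
# spf = fail   (commented out, must be ignored)
begin acl
acl_check_rcpt:
  deny    spf = fail
          message = SPF check failed
  warn    set acl_m0 = ${lookup dnsdb{txt=example.test}{$value}}
begin authenticators
ntlm_server:
  driver = spa
  public_name = NTLM
"""

# Feature patterns mapped to the CVE the article associates with each feature.
# The directive names are assumptions supplied here, not taken from the article.
CHECKS = [
    ("CVE-2023-42116", "NTLM (spa authenticator)",
     re.compile(r"^\s*driver\s*=\s*spa\b")),
    ("CVE-2023-42117", "proxy support (hosts_proxy)",
     re.compile(r"^\s*hosts_proxy\s*=\s*\S")),
    ("CVE-2023-42118", "spf ACL condition",
     re.compile(r"^\s*(?:\w+\s+)?!?\s*spf\s*=")),
    ("CVE-2023-42119", "dnsdb lookup", re.compile(r"\bdnsdb\b")),
]

def exposed_features(config_text):
    """Return {cve: [(line_no, feature, line)]} for active (non-comment) lines."""
    hits = {}
    for no, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # lines starting with '#' are comments in Exim configs
        for cve, feature, pattern in CHECKS:
            if pattern.search(raw):
                hits.setdefault(cve, []).append((no, feature, line))
    return hits

if __name__ == "__main__":
    for cve, found in sorted(exposed_features(SAMPLE_CONFIG).items()):
        for no, feature, line in found:
            print(f"{cve}: {feature} at line {no}: {line}")
```

A hit only means the feature is configured; whether the installed build is affected still depends on the Exim version and the fixes it includes.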
Furthermore, CVE-2023-42115 was analyzed by researchers at watchTowr, and a proof-of-concept was published, providing detailed information about the severity, exploitation, and code review of the vulnerability.
In addition, another report was published by SecLists, which details the vulnerabilities and their fixes. Exim has also released a list of its fixes.