Allele Security Alert
Buffer overflow by sending a SNI ending in a backslash-null sequence during the initial TLS handshake
The Exim Project
Exim versions up to and including 4.92.1
Exim version 4.92.2
Proof of concept
The SMTP Delivery process in all versions up to and including Exim 4.92.1 has a buffer overflow. In the default runtime configuration, this is exploitable with crafted Server Name Indication (SNI) data during a TLS negotiation. In other configurations, it is exploitable with a crafted client TLS certificate.
A local or remote attacker can execute programs with root privileges. The vulnerability is exploitable by sending a SNI ending in a backslash-null sequence during the initial TLS handshake.
CVE-2019-15846: Exim – local or remote attacker can execute programs with root privileges.
string.c: do not interpret ‘\’ before ‘\0’ (CVE-2019-15846)
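The bug class named in the fix title above, reduced to a minimal escape decoder. This is an added example, not Exim's code and not part of the advisory: the function `unescape`, the `check_nul` switch and the sample value are assumptions made for illustration. It compares how far the source cursor travels past the input's terminator with and without the check.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: a value ending in backslash + NUL. Unrelated bytes are
 * placed after the terminator inside the same array, so the over-read shown
 * below stays within this object and is safe to run. */
static const char SAMPLE[] = "mx.example\\\0ADJACENT-DATA";

/* Simplified escape decoder (hypothetical, not Exim's code). Handles \n and
 * \t; any other escaped byte is copied as-is. Returns the number of source
 * bytes consumed. check_nul=0 reproduces the flawed pattern, check_nul=1
 * applies the rule from the fix title: no interpreting '\' before '\0'. */
static size_t unescape(const char *src, char *dst, size_t dstlen, int check_nul)
{
    const char *p = src;
    size_t n = 0;

    if (dstlen == 0) return 0;
    while (*p != '\0' && n + 1 < dstlen) {
        char c = *p++;
        if (c == '\\') {
            if (check_nul && *p == '\0') {
                dst[n++] = '\\';   /* trailing backslash kept as a literal */
                break;             /* cursor stays on the terminator */
            }
            c = *p++;              /* flawed path: may step over the '\0' */
            if (c == 'n') c = '\n';
            else if (c == 't') c = '\t';
        }
        dst[n++] = c;
    }
    dst[n] = '\0';
    return (size_t)(p - src);
}

int main(void)
{
    char out[64];
    size_t len = strlen(SAMPLE);   /* 11: the logical end of the input */

    printf("input length:     %zu\n", len);
    printf("flawed consumed:  %zu\n", unescape(SAMPLE, out, sizeof out, 0));
    printf("checked consumed: %zu\n", unescape(SAMPLE, out, sizeof out, 1));
    printf("checked output:   %s\n", out);
    return 0;
}
```

Any consumed count larger than the input length means the decoder treated memory after the terminator as part of the string, which is the condition the fix removes.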
Last modified: September 9, 2019