Exim Vulnerability Allows Remote Crash via Crafted DNS Responses

The flaws enable an unauthenticated attacker to crash Exim servers remotely by sending specially crafted DNS responses, leading to denial of service.

CSBadmin

Attack Mechanism

A set of vulnerabilities has been discovered in the Exim mail transfer agent that allows an attacker to crash the server by sending specially crafted DNS data. Flaws in Exim’s DNS resolution code cause the server to mishandle malicious responses, leading to a segmentation fault or memory corruption. An unauthenticated remote attacker can exploit these weaknesses by triggering a DNS lookup that returns a crafted reply, causing the Exim process to terminate unexpectedly. The issues affect multiple versions of the widely used email server software.

Impact and Scope

These vulnerabilities can be leveraged to cause a denial of service, taking mail services offline and disrupting email delivery for organizations relying on Exim. While the flaws do not directly allow code execution, repeated exploitation can keep the server down for extended periods. Exim remains one of the most popular mail servers on the internet, meaning many systems could be at risk. Patches are not yet available for all affected versions, leaving administrators with limited mitigation options. The identified issues are tracked as CVE-2024-39929 and CVE-2024-39928, both published at cve.org.

Source: Cyber Security News
