<h5>A bug was discovered in a widely used e-mail program that puts more than 400K servers at risk.</h5>
<p><a href="https://www.wincert.net/wp-content/uploads/2017/09/computer_attacker.jpg"><img class="alignnone wp-image-2275 size-full" title="exim" src="https://www.wincert.net/wp-content/uploads/2017/09/computer_attacker.jpg" alt="ccleaner; badrabbit; exim" width="640" height="423" /></a></p>
<p>The flaw has been found in <strong>Exim</strong>, a widely used message transfer agent. All servers running Exim that are not on the latest <strong>4.90.1</strong> version are at risk. Without the patch applied, servers are vulnerable to malicious code execution: an attacker may send specially crafted input to a server running Exim and thereby execute code on it remotely.</p>
<p>The DevCore team has published an <a href="https://devco.re/blog/2018/03/06/exim-off-by-one-RCE-exploiting-CVE-2018-6789-en/">advisory</a> regarding this buffer overflow vulnerability which has been indexed as CVE-2018-6789.</p>
<p>The researchers from DevCore wrote that a single byte of exploit data overwrites critical data when the input string has a specific length.</p>
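<p>To show the general shape of the defect described above (a decoder whose output buffer is sized from a formula that undercounts for certain input lengths), here is an added illustration in C. It is not Exim's code and not DevCore's proof of concept: the sizing functions, the decoder and the sample inputs are all constructed for this example. It contrasts a naive allocation size (3 bytes per 4 input characters, plus a terminator) with the exact decoded length, and shows a decoder that checks capacity before writing, so an undersized buffer is reported rather than overflowed.</p>

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Exact number of bytes produced by decoding `len` base64 characters
   (padding already stripped, no whitespace): 3 per full quad, plus 1 or 2
   bytes for a 2- or 3-character tail. */
size_t b64_decoded_len(size_t len) {
    size_t full = len / 4, rem = len % 4;
    return full * 3 + (rem == 0 ? 0 : rem - 1);
}

/* Naive sizing pattern (constructed illustration, not Exim's code):
   assumes every 4 characters yield 3 bytes and forgets that a 3-character
   tail yields 2 more bytes. For inputs of length 4n+3 this is too small. */
size_t naive_alloc_size(size_t len) { return 3 * (len / 4) + 1; }

/* Correct allocation size: exact decoded length plus one byte for the NUL. */
size_t safe_alloc_size(size_t len) { return b64_decoded_len(len) + 1; }

/* Map one base64 alphabet character to its 6-bit value, or -1 if invalid. */
static int b64_value(int c) {
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* Decode `in` into `out` (capacity `outcap`, which must include room for
   the terminating NUL). Returns 0 on success, -1 on malformed input or
   insufficient capacity. The capacity check happens before any write, so
   an undersized buffer can never be overrun. */
int b64_decode(const char *in, unsigned char *out, size_t outcap, size_t *outlen) {
    size_t len = strlen(in);
    while (len > 0 && in[len - 1] == '=') len--;   /* strip '=' padding */
    if (len % 4 == 1) return -1;                   /* no valid encoding has a 1-char tail */
    size_t need = b64_decoded_len(len);
    if (outcap < need + 1) return -1;              /* bounds check: decoded bytes + NUL */

    size_t o = 0;
    unsigned int acc = 0;
    int bits = 0;
    for (size_t i = 0; i < len; i++) {
        int v = b64_value((unsigned char)in[i]);
        if (v < 0) return -1;
        acc = (acc << 6) | (unsigned int)v;
        bits += 6;
        if (bits >= 8) {
            bits -= 8;
            out[o++] = (unsigned char)((acc >> bits) & 0xFF);
            acc &= (1u << bits) - 1;               /* keep only the leftover bits */
        }
    }
    out[o] = '\0';
    *outlen = o;
    return 0;
}

int main(void) {
    /* Constructed sample: 7 characters (4n+3 with n=1) decode to 5 bytes. */
    const char *sample = "TWFuYWE";
    size_t len = strlen(sample);
    printf("input length %zu: naive size %zu, exact size %zu\n",
           len, naive_alloc_size(len), safe_alloc_size(len));

    unsigned char buf[16];
    size_t n;
    if (b64_decode(sample, buf, naive_alloc_size(len), &n) != 0)
        printf("naive-sized buffer rejected by the bounds check\n");
    if (b64_decode(sample, buf, safe_alloc_size(len), &n) == 0)
        printf("decoded %zu bytes: %s\n", n, buf);
    return 0;
}
```

<p>The point a reviewer would take from it: the allocation size must be derived from the same arithmetic the decode loop actually performs, and the decoder should verify the target capacity itself rather than trust the caller's sizing, since a one-byte shortfall is exactly the kind of defect that is easy to miss in review and reachable from untrusted input.</p>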
<blockquote><p>&#8220;In addition, this byte is controllable, which makes exploitation more feasible. Base64 decoding is such a fundamental function, and therefore this bug can be triggered easily, causing remote code execution. Currently, we&#8217;re unsure about the severity&#8221; of the vulnerability. &#8220;We *believe* an exploit is difficult. A mitigation isn&#8217;t known.&#8221;</p></blockquote>
<p>DevCore warned that a large number of servers are still running vulnerable versions of the Exim email program, even though the Exim developers published a fix back on February 10.</p>