New Critical Security Flaws Expose Exim Mail Servers to Remote Attacks


The Exim mail transfer agent has a number of security flaws that, if successfully exploited, could lead to data leakage and remote code execution.

CVE-2023-42114 (3.7 out of 5) - Exim NTLM Challenge Unauthorized Information Disclosure Vulnerability
CVE-2023-42115 (9.8 CVSS) - Exim Authorization Out-Of-Bounds Remote Code Execution Vulnerability

CVE-2023-42116 (8.1 CVSS) - Exim SMTP Challenge Stack-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2023-42117 (8.1 CVSS) - Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability
CVE-2023-42118 (7.5 CVSS) - Exim libspf2 Integer Underflow Remote Code Execution Vulnerability
CVE-2023-42119 (3.1 CVSS) - Exim Dnsdb Out-Of-Bounds Read Information Disclosure Vulnerability

