9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
GMT 2019 9 November 6 December 18: 00 PM, the exim release exim-4.92.2 version fixes CVE-2019-15846, an attacker can use this vulnerability to remotely obtain root privileges. Vulnerabilities from qualys to find and report.
360CERT determine the vulnerability to hazards and the impact is large.
0x01 vulnerability details
When exim support TLS, the attacker is sent toβ\0βend of SNI at this time string_unprinting function call string_interpret_escape function handles escape sequences, since the string_interpret_escape function does not handleβ\0βcase, resulting in a cross-border read. qualys has confirmed that the vulnerability could be exploited remotely to obtain root privileges.
! [](/Article/UploadPic/2019-9/20199713551298. png)
0x02 impact version
exim
0x03 repair recommendations
Although currently there is no public EXP, but qualys has been described by EXP preparation of several key steps, and ultimately the use of loopholes written into the/etc/passwd file, so that remote access to root privileges. The attacker may accordingly write EXP. 360CERT recommended that users immediately upgrade to 4. 92. 2 version.
4.92.2 version download link: https://github.com/Exim/exim/releases/tag/exim-4.92.2
If you cannot upgrade immediately, it is recommended by exim of acl_smtp_mail configure the following rules:
deny condition = ${if eq{\\}{${substr{-1}{1}{$tls_in_sni}}}}
deny condition = ${if eq{\\}{${substr{-1}{1}{$tls_in_peerdn}}}}
0x04 timeline
2019-09-06 exim release new versions to fix vulnerabilities
2019-09-06 360CERT warning
0x05 reference links
https://github.com/Exim/exim
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C