Exim Vulnerability

Exim Remote Code Execution Vulnerability (CVE-2019-15846) Threat Alert

October 1, 2019

  1. Vulnerability Description

Recently, Linux’s mail transfer agent Exim was reported to contain a remote code execution vulnerability (CVE-2019-15846). When the Exim server is accepting TLS connections, attackers could exploit this vulnerability to remotely execute arbitrary code with root privileges by sending an SNI ending in a backslash-null sequence. By default, the TLS function is disabled on the Exim server, but many users need to have this function enabled for processing network traffic. (more…)


Subscribe to the NSFOCUS Blog