Security advisories

Exim Mail Transfer Agent Vulnerabilities

February 26, 2019


Two vulnerabilities have been discovered in Exim, the widely used open source mail transfer agent. CVE-2017-16943[1] and CVE-2017-16944[2] exist in both version 4.88 and version 4.89 of Exim.

CVE-2017-16943 allows attackers to execute arbitrary code remotely.

CVE-2017-16944 could allow a remote attacker to cause a system hang by forcing it to run in an infinite loop, due to an improper check for "." while parsing the BDAT header. A system hang is a form of denial of service: the system does not crash, but is caught running in a loop.
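A version check against the two releases this advisory names, as an added example that is not part of the original advisory. The sample strings are constructed, and the function names (`exim_version`, `is_affected`, `report`) are this example's own; `exim -bV` prints the installed version on its first line.

```shell
#!/bin/sh
# Added example: flag Exim versions that this advisory lists as affected.
# AFFECTED holds only the versions named on the page.
AFFECTED="4.88 4.89"

# Constructed sample inputs: `exim -bV` output and an SMTP greeting banner.
SAMPLE_BV='Exim version 4.89 #2 built 01-Jan-2018 00:00:00'
SAMPLE_BANNER='220 mail.example.test ESMTP Exim 4.90 Tue, 26 Feb 2019 10:00:00 +0000'

# exim_version TEXT: print the first Exim version number found in TEXT.
# Accepts both "Exim version X.Y ..." and "... ESMTP Exim X.Y ..." forms.
exim_version() {
    printf '%s\n' "$1" |
        sed -n 's/.*Exim \(version \)\{0,1\}\([0-9][0-9.]*[0-9]\).*/\2/p' |
        head -n 1
}

# is_affected TEXT: return 0 if the parsed version is in AFFECTED,
# 1 if it is not, 2 if no Exim version was found (unknown, not "safe").
is_affected() {
    ver=$(exim_version "$1")
    [ -n "$ver" ] || return 2
    for a in $AFFECTED; do
        # Exact match only: 4.89.1 is a different release from 4.89.
        [ "$ver" = "$a" ] && return 0
    done
    return 1
}

# report TEXT: print a one-line verdict for TEXT.
report() {
    rc=0
    is_affected "$1" || rc=$?
    case $rc in
        0) echo "affected ($(exim_version "$1"))" ;;
        1) echo "not in affected list ($(exim_version "$1"))" ;;
        *) echo "unknown (no Exim version found)" ;;
    esac
}

report "$SAMPLE_BV"
report "$SAMPLE_BANNER"
# On a mail host, check the installed binary with: report "$(exim -bV)"
```

Distribution packages can carry backported fixes without changing the upstream version number, so treat a match as a prompt to check the vendor's package changelog.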

What you should do about it

Additional information

Additional Sources

[1] https://nvd.nist.gov/vuln/detail/CVE-2017-16943

[2] https://nvd.nist.gov/vuln/detail/CVE-2017-16944
