Exim Vulnerability CVE-2019-16928 Could Lead to Denial-of-Service and Remote Code Execution Attacks

A vulnerability involving the message transfer agent Exim — estimated to run roughly 57% of all email servers — has been discovered by security researchers from QAX-A-Team. Exploitation of the bug, assigned CVE-2019-16928, could result in threat actors being able to launch denial-of-service (DoS) or remote code execution (RCE) attacks.
The vulnerability is a result of a heap-based overflow error in string_vformat (string.c). According to Exim’s advisory, the vulnerability can be exploited by an attacker via an “extraordinary long Extended HELO (EHLO) string” meant to crash the process that is responsible for receiving the message. Exim coder Jeremy Harris, who called the vulnerability a “simple coding error” that resulted from not growing a string by enough, published a proof of concept showing an example of how it could be exploited.
Exim also notes that there might be other ways to exploit the vulnerable code. A post on Exim’s bug tracker revealed that RCE attacks are also a possibility.
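The class of error described above, "not growing a string by enough", can be shown with a small growable-string sketch. This is an added example and not Exim's code or its string_vformat routine; the type `gbuf`, the functions `grow_too_little`, `grow_enough`, `gbuf_append` and `try_append`, and the `CHUNK` step are hypothetical names chosen for illustration. The append routine carries the bounds check that turns an undersized growth into an error return instead of a heap overrun.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable string for illustration; not Exim's own type. */
typedef struct { char *s; size_t size, len; } gbuf;
typedef size_t (*grow_fn)(size_t size, size_t len, size_t need);
#define CHUNK 64 /* constructed growth step */
/* Flawed policy: adds one fixed chunk and never checks it covers `need`. */
static size_t grow_too_little(size_t size, size_t len, size_t need) {
    (void)len; (void)need; return size + CHUNK;
}
/* Corrected policy: room for len + need + NUL; 0 if that sum would wrap. */
static size_t grow_enough(size_t size, size_t len, size_t need) {
    if (need >= SIZE_MAX - len) return 0;
    size_t want = len + need + 1;
    return want > size ? want : size;
}
/* Append n bytes. Returns 0 on success, -1 when the buffer is still too
   small after growing, the point where unchecked code overruns the heap. */
static int gbuf_append(gbuf *g, const char *src, size_t n, grow_fn grow) {
    if (n >= g->size - g->len) {
        size_t ns = grow(g->size, g->len, n);
        char *p = ns ? realloc(g->s, ns) : NULL;
        if (!p) return -1;
        g->s = p; g->size = ns;
    }
    if (n >= g->size - g->len) return -1; /* bounds check before the copy */
    memcpy(g->s + g->len, src, n);
    g->len += n; g->s[g->len] = '\0';
    return 0;
}
/* Append a constructed n-byte input to an empty buffer under one policy. */
static int try_append(size_t n, grow_fn grow) {
    gbuf g = {0};
    char *in = malloc(n ? n : 1);
    if (!in) return -1;
    memset(in, 'A', n);
    int rc = gbuf_append(&g, in, n, grow);
    free(in); free(g.s);
    return rc;
}

int main(void) {
    printf("flawed: 10 -> %d, 1000 -> %d; fixed: 1000 -> %d\n", try_append(10, grow_too_little),
           try_append(1000, grow_too_little), try_append(1000, grow_enough));
    return 0;
}
```

With the flawed policy a short input fits and the defect stays hidden; only an input longer than the fixed growth step exposes it, which matches the advisory's description of an unusually long string as the trigger.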
A couple of other Exim vulnerabilities have made headlines in the past few months. In June, threat actors were found to be targeting servers using Exim via the Watchbog trojan, while another bug (CVE-2019-15846) that could also lead to RCE attacks was discovered in September.
CVE-2019-16928 was introduced in Exim 4.92 and affects versions 4.92, 4.92.1, and 4.92.2. Versions that predate 4.92 are not affected by the bug.
Exim users are advised to update to the latest version (4.92.3), which includes a fix that addresses CVE-2019-16928.
Security recommendations and Trend Micro solutions
Vulnerabilities in software are a common — and unfortunately unavoidable — occurrence. Organizations should always prioritize patching their software to the latest versions, especially if the update addresses critical vulnerabilities that, if exploited, could result in actual damage to the business. In this case, CVE-2019-16928 already has a patch that fixes the flaw, and Exim has even offered a backported fix for organizations that cannot install the new version. Given Exim’s ubiquity, neglecting to patch vulnerable instances can lead to consequences that extend beyond the organization itself.
Furthermore, organizations can strengthen their overall security by using security products like the Trend Micro™ Deep Discovery™ solution, which provides detection, in-depth analysis, and proactive response to attacks that exploit vulnerabilities via specialized engines, custom sandboxing, and seamless correlation across the entire attack life cycle, allowing it to detect these attacks even without any engine or pattern update.
Trend Micro Deep Discovery Inspector protects customers from attacks that exploit CVE-2019-16928 via the following rule: