Email Bug Shows Flaws in Reporting System

When one of the worlds most commonly used email applications doesnt have a bug-reporting system, things get very public very quickly.

Get some sysadmins around some beers, and at some point those that run mail servers on their systems will undoubtedly start complaining. Its a labor intensive task, and prone to snafus in the best of situations. Something is always going wrong.
But the underlying software has usually been boring and uneventful. Its something no one thinks a lot about. Except that some guy in Taiwan found a honker of a problem in the Exim mail transfer agent. Exit runs on email servers and that does the actual relay of emails from senders to recipients.
Exim
is no marginal program. A survey in March of this year found it running on 56% of the nets mail servers. Its major in its niche.
Exim said on its website that it had been told by this Taiwanese guy that there were major flaws in Exim 4.88 and 4.89, which are the latest versions.
The more serious of the two bugs was
CVE-2017-16943
. This is a use-after-free vulnerability that leads to remote code execution on affected servers. It affects what is called chunking. Chunking is what allows the breaking up and sending of emails in multiple chunks. Special commands are used by Exim to break down, handle, and reconstruct chunks. It is a basic functionality of what Exim is routinely used for. [
Editors note: The second, less serious bug is described in
CVE-2017-16944
.
]
It was found that Exim mishandles the BDAT commands that are part and parcel of the chunking operation. This is the vulnerability that would let an attacker execute their malicious code on the underlying server. BDAT handling errors also give rise to the second bug, which is a denial of service exploit that causes an infinite loop.
Now, there is no patch to fix this that has distributed as of this date. The blog states a workaround, but it is only for those that can modify the program internals.
The reason for no patch is rather interesting. The bug was distributed in the public section of their blog, so Exim was as surprised as the rest of us to see it happen. It went public first because there was no method given by Exim for bugs to be submitted privately. Exim didnt have the time to verify their workaround was a viable solution, so no patch yet.
Yes, they have now made a way for private bug submissions to happen, but the damage has been done. Anyone that wants to exploit the problem can see in detail how it can be attacked. Without a fix, everyone running the mailer is at risk.
So, running a mailer just became a major attack surface. It didnt have to be this way. Exim just had to realize bugs would happen and that they didnt want to publicize them.
Its not the first time techno-arrogance has had bad results.
Related posts:
Major Apple Flaw Found, Fixed & Still Dangerous
Intel Management Engine Has a Big Problem
Microsoft Misses Memory Mistake: The Security That Wasnt
— Larry Loeb has written for many of the last centurys major dead tree computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Email Bug Shows Flaws in Reporting System