The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via vectors involving BDAT commands. Upstream bug: https://bugs.exim.org/show_bug.cgi?id=2199 Upstream patch: https://git.exim.org/exim.git/commitdiff/4e6ae6235c68de243b1c2419027472d7659aa2b4
Created exim tracking bugs for this issue: Affects: epel-all [bug 1517686] Affects: fedora-all [bug 1517687]
Mitigation: if you are running Exim 4.88 or newer, then in the main section of your Exim configuration, set: chunking_advertise_hosts = This disables advertising the ESMTP CHUNKING extension, making the BDAT verb unavailable and avoids letting an attacker apply the logic.