Vulnerability

21Nails Exim vulnerabilities

This blog contains information about the 21 Nails Exim vulnerabilities. As soon as we have an update, we’ll add it to this post. More information about possible risks and details can be found at the bottom of this blog.

Clip path group@2x

T-Update

Information about vulnerabilities

This blog contains information about the 21 Nails Exim vulnerabilities. As soon as we have an update, we’ll add it to this post. More information about possible risks and details can be found at the bottom of this blog.

Update May 4, 2021

22:00 | Newly discovered vulnerabilities in the Exim mail transfer agent (MTA) allow attackers to execute code and gain root privilege on servers running Exim. The vulnerabilities together have been named 21Nails because there are 11 locally exploitable weaknesses and 10 remote. This can lead to allow attackers to fully compromise the mailservers.

Direct patching is highly recommended. For systems older than version 4.94 this should be done with some policy, because the configuration of older versions still needs to be adjusted slightly for the update to work. This is because of an extra security measure in version 4.94.2.

Customized cyber security

Background

Risk

In the Netherlands, just under 180,000 systems are vulnerable (see image below):

Advice

The following CVE references belong to this vulnerability. More information:
CVE Description Type
CVE-2020-28007 Link aanval in de log directory van Exim Local
CVE-2020-28008 Assorted attacks in Exim’s spool directory Local
CVE-2020-28014 Arbitrary file creation and clobbering Local
CVE-2021-27216 Arbitrary file deletion Local
CVE-2020-28011 Heap buffer overflow in queue_run() Local
CVE-2020-28010 Heap out-of-bounds write in main() Local
CVE-2020-28013 Heap buffer overflow in parse_fix_phrase() Local
CVE-2020-28016 Heap out-of-bounds write in parse_fix_phrase() Local
CVE-2020-28012 Missing close-on-exec flag for privileged pipe Local
CVE-2020-28009 Integer overflow in get_stdinput() Local
CVE-2020-28017 Integer overflow in receive_add_recipient() Remote
CVE-2020-28020 Integer overflow in receive_msg() Remote
CVE-2020-28023 Out-of-bounds read in smtp_setup_msg() Remote
CVE-2020-28021 New-line injection into spool header file (remote) Remote
CVE-2020-28022 Heap out-of-bounds read and write in extract_option() Remote
CVE-2020-28026 Line truncation and injection in spool_read_header() Remote
CVE-2020-28019 Failure to reset function pointer after BDAT error Remote
CVE-2020-28024 Heap buffer underflow in smtp_ungetc() Remote
CVE-2020-28018 Use-after-free in tls-openssl.c Remote
CVE-2020-28025 Heap out-of-bounds read in pdkim_finish_bodyhash() Remote
CVE-2020-28015 New-line injection into spool header file (local) Local

Sources

Learn more about 21Nails Exim vulnerabilities on this external source.

Ellipse 6

Sign up to receive T-Updates

Receive the latest vulnerabilities in your email every Wednesday

More than 1,000 organisations have already joined us.

Tesorion gebruikt jouw gegevens voor het versturen van de gevraagde informatie. Daarnaast worden je gegevens mogelijk gebruikt voor commerciële opvolging. Je kunt je op elk gewenst moment hiervoor afmelden via de link in de e-mail. Lees voor meer informatie ons privacybeleid.

Ellipse 6