The version of exim installed on the remote host is prior to 4.92-1.27. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2021-1497 advisory.

    Prior versions of Exim 4 have Improper Neutralization of Line Delimiters. Local users can alter the     behavior of root processes because a recipient address can have a newline character. (CVE-2020-28015)

    Prior versions of Exim 4 allowed Integer Overflow to Buffer Overflow in receive_add_recipient via an     e-mail message with fifty million recipients. NOTE: remote exploitation may be difficult because of     resource consumption. (CVE-2020-28017)

    Prior versions of Exim 4 allowed Use After Free in smtp_reset in certain situations that may be common for     builds with OpenSSL. (CVE-2020-28018)

    Prior versions of Exim 4 have Improper Neutralization of Line Delimiters. An authenticated remote SMTP     client can insert newline characters into a spool file (which indirectly leads to remote code execution as     root) via AUTH= in a MAIL FROM command. (CVE-2020-28021)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Amazon Linux AMI : exim (ALAS-2021-1497)

critical Nessus Plugin ID 149430

Version 1.6