Vulnerability in Exim mail server

Filip Pokorný

Sept. 11, 2019

A newly released version of the Exim mail server patches a remote code execution vulnerability in versions up to and including 4.92.1. The vulnerability (CVE-2019-15846) is exploitable by sending an SNI ending in a backslash-null sequence during the initial TLS handshake. An exploit exists as a proof of concept (PoC). We encourage users and administrators to review the security advisory from Exim and apply the necessary updates.