FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Exim -- RCE with root privileges in TLS SNI handler

Affected packages
exim < 4.92.2


VuXML ID 61db9b88-d091-11e9-8d41-97657151f8c2
Discovery 2019-09-02
Entry 2019-09-06

Exim developers report:

If your Exim server accepts TLS connections, it is vulnerable. This does not depend on the TLS libray, so both, GnuTLS and OpenSSL are affected.

The vulnerability is exploitable by sending a SNI ending in a backslash-null sequence during the initial TLS handshake. The exploit exists as a POC. For more details see the document qualys.mbx