CVE-2017-16943

CRITICAL

Exim 4.88-4.89 - Remote Code Execution via BDAT Command Use-After-Free

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-16943. PoCs published by beraphin.

AI-analyzed exploit summary This repository provides a detailed analysis of CVE-2017-16943, a use-after-free (UAF) vulnerability in Exim's receive_msg function. It includes environment setup instructions, vulnerability analysis, and a step-by-step explanation of how the UAF can be triggered to achieve RIP hijacking.

Description

The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via vectors involving BDAT commands.

Exploits (1)

nomisec WRITEUP

by beraphin · poc

https://github.com/beraphin/CVE-2017-16943

View Code ZIP pw:eip

This repository provides a detailed analysis of CVE-2017-16943, a use-after-free (UAF) vulnerability in Exim's receive_msg function. It includes environment setup instructions, vulnerability analysis, and a step-by-step explanation of how the UAF can be triggered to achieve RIP hijacking.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Complex

Reliability

Theoretical

Target: Exim (version up to commit 01c594601670c7e48e676d6c6d32d0f0084067fa)

No auth needed

Prerequisites: Access to a vulnerable Exim server · Ability to send crafted SMTP commands

MITRE ATT&CK