CVE-2017-16944

HIGH

Exim 4.88-4.89 - Denial of Service via BDAT Command Handling

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-16944. PoCs published by meh.

AI-analyzed exploit summary: This exploit demonstrates a denial-of-service (DoS) vulnerability in Exim by triggering an infinite loop due to incorrect state handling in the BDAT command processing. The PoC sends malformed BDAT commands to crash or hang the Exim SMTP server.

Description

The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service (infinite loop and stack exhaustion) via vectors involving BDAT commands and an improper check for a '.' character signifying the end of the content, related to the bdat_getc function.

Exploits (1)

exploitdb · Working PoC · Verified
by meh · text · dos · multiple
https://www.exploit-db.com/exploits/43184

Classification
Working PoC: 100%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: Exim (versions affected by CVE-2017-16944)
No auth needed
Prerequisites: Network access to the Exim SMTP server
devstral-2 · analyzed Feb 16, 2026

References (9)

Core References
Exploit, Issue Tracking (x_refsource_misc): https://bugs.exim.org/show_bug.cgi?id=2201
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_sectrack): http://www.securitytracker.com/id/1039873
Third Party Advisory (vendor-advisory, x_refsource_debian): https://www.debian.org/security/2017/dsa-4053
Third Party Advisory, VDB Entry (exploit, x_refsource_exploit-db): https://www.exploit-db.com/exploits/43184/
Mailing List (mailing-list, x_refsource_mlist): http://www.openwall.com/lists/oss-security/2021/05/04/7

Scores

CVSS v3: 7.5
EPSS: 0.6332
EPSS Percentile: 99.1%
Attack Vector: NETWORK
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE: CWE-835
Status: published
Products (3)
debian/debian_linux 9.0
exim/exim 4.88
exim/exim 4.89
Published: Nov 25, 2017
Tracked Since: Feb 18, 2026