FreeBSD : Exim -- RCE with root privileges in TLS SNI handler (61db9b88-d091-11e9-8d41-97657151f8c2)

high Nessus Plugin ID 128585

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Exim developers report:

If your Exim server accepts TLS connections, it is vulnerable. This does not depend on the TLS library, so both GnuTLS and OpenSSL are affected.

The vulnerability is exploitable by sending a SNI ending in a backslash-null sequence during the initial TLS handshake. The exploit exists as a POC. For more details see the document qualys.mbx.

Solution

Update the affected package.

See Also

http://www.nessus.org/u?8f464c6a

http://www.nessus.org/u?6e6cd0db

Plugin Details

Severity: High

ID: 128585

File Name: freebsd_pkg_61db9b88d09111e98d4197657151f8c2.nasl

Version: 1.1

Type: local

Published: 9/9/2019

Updated: 9/9/2019

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:exim, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 9/6/2019

Vulnerability Publication Date: 9/2/2019