CVE-2020-28010: 
Exim vulnerability analysis and mitigation

CVE-2020-28010 affects Exim 4 versions before 4.94.2. The vulnerability is an Out-of-bounds Write issue that occurs when the main function, while running with setuid root privileges, attempts to copy the current working directory pathname into a buffer that is too small on some common platforms (NVD, CVE).

The vulnerability stems from a code change introduced in Exim 4.92 where the main function copies the current working directory (initialcwd) into a heap-based bigbuffer. While the strncpy() operation itself cannot overflow bigbuffer, on Linux systems initialcwd can exceed bigbuffersize (16KB), leading to potential out-of-bounds writes. The issue occurs because the pointer arithmetic can increase p past big_buffer's end, resulting in writes beyond the buffer's bounds (Qualys Advisory). The vulnerability has been assigned a CVSS v3.1 Base Score of 7.8 (HIGH) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

The vulnerability could allow an unprivileged local attacker to obtain full root privileges on affected systems. This is particularly severe as Exim runs with setuid root privileges, meaning a successful exploit could lead to complete system compromise (Qualys Advisory).

The vulnerability was fixed in Exim version 4.94.2. System administrators are advised to upgrade to this version or later to mitigate the risk. The fix addresses the underlying issue with the buffer handling in the main function (NVD).