CVE-2020-28021: 
Exim vulnerability analysis and mitigation

CVE-2020-28021 is a remote code execution vulnerability affecting Exim mail server versions before 4.94.2. The vulnerability allows an authenticated remote SMTP client to inject newline characters into a spool file via AUTH= in a MAIL FROM command, which can indirectly lead to remote code execution with root privileges (Qualys Advisory, NVD).

The vulnerability is part of the '21Nails' collection of vulnerabilities discovered in Exim. It is classified as a new-line injection vulnerability that can be exploited remotely by an authenticated user. The vulnerability has a CVSS v3.1 Base Score of 8.8 HIGH (Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and a CVSS v2.0 Base Score of 9.0 HIGH (Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C) (NVD).

When successfully exploited, this vulnerability allows an authenticated attacker to execute arbitrary commands with root privileges on the target system. This is particularly severe as it can lead to complete system compromise, allowing attackers to gain full control over the mail server (Qualys Advisory).

The vulnerability has been patched in Exim version 4.94.2. System administrators are strongly advised to update to this version or later to protect against this vulnerability. All versions of Exim prior to 4.94.2 should be considered obsolete and vulnerable (ConnectWise).

The vulnerability was part of the '21Nails' disclosure which received significant attention due to Exim's widespread use, affecting approximately 60% of internet email servers. The security community emphasized the importance of immediate patching due to the critical nature of these vulnerabilities (The Record).