
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2020-28024 is a heap buffer underflow vulnerability in Exim mail server versions before 4.94.2. It lies in the smtp_ungetc() function, which was intended only to push back characters but can also push back non-character error codes such as EOF. The vulnerability was discovered as part of the '21Nails' collection of vulnerabilities affecting Exim mail servers (Qualys Advisory, The Record).
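To make the defect class concrete, the following is an added illustration (not Exim's source and not taken from the advisory) of a minimal pushback input buffer with the two checks such a routine needs; the struct, function names and the sample input are hypothetical.

```c
/* Added example (not Exim's code): a minimal pushback input buffer modelling
 * the defect class described above. The buffer, function and field names are
 * hypothetical. inbuffer_getc() returns EOF when input is exhausted; a
 * pushback routine that blindly stores whatever it is handed would write a
 * non-character value (EOF is -1) before the start of the buffer once the
 * read position is at index 0. inbuffer_ungetc() rejects both conditions. */
#include <stdio.h>
#include <string.h>

#define INBUF_SIZE 16

struct inbuffer {
    unsigned char buf[INBUF_SIZE]; /* bytes received so far (constructed input) */
    size_t len;                    /* number of valid bytes in buf */
    size_t pos;                    /* index of the next byte to return */
};

/* Load constructed input; returns the number of bytes stored. */
size_t inbuffer_init(struct inbuffer *in, const char *data)
{
    in->len = strlen(data);
    if (in->len > INBUF_SIZE) in->len = INBUF_SIZE;
    memcpy(in->buf, data, in->len);
    in->pos = 0;
    return in->len;
}

/* Return the next byte, or EOF when the buffer is exhausted. */
int inbuffer_getc(struct inbuffer *in)
{
    return in->pos < in->len ? in->buf[in->pos++] : EOF;
}

/* Where an unchecked "*--inptr = ch" would land: computed, not performed,
 * so the example stays memory-safe. -1 means one byte before the buffer. */
long inbuffer_unchecked_index(const struct inbuffer *in)
{
    return (long)in->pos - 1;
}

/* Hardened pushback: accept only a real byte, and only while there is a
 * byte to step back over. Returns ch on success, EOF on refusal. */
int inbuffer_ungetc(struct inbuffer *in, int ch)
{
    if (ch < 0 || ch > 255) return EOF; /* EOF and other error codes are not characters */
    if (in->pos == 0) return EOF;       /* nothing to step back over: refuse the underflow */
    in->buf[--in->pos] = (unsigned char)ch;
    return ch;
}
```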
The vulnerability is classified as a remote code execution (RCE) vulnerability with a CVSS v3.1 Base Score of 9.8 (CRITICAL). The attack vector is network-based (AV:N), with low attack complexity (AC:L), requiring no privileges (PR:N) or user interaction (UI:N). The scope is unchanged (S:U), with high impact on confidentiality (C:H), integrity (I:H), and availability (A:H) (NVD).
If successfully exploited, this vulnerability could allow unauthenticated remote attackers to execute arbitrary commands on the affected system. The vulnerability affects a critical mail server component that is widely deployed, with Exim having approximately 60% market share among mail transfer agents (The Record).
The primary mitigation is to upgrade to Exim version 4.94.2 or later. System administrators are strongly advised to apply the security updates immediately given the critical nature of the vulnerability and the widespread deployment of Exim mail servers (The Record).
The vulnerability was part of the '21Nails' collection that received significant attention due to Exim's widespread use in email infrastructure. Security researchers emphasized the critical nature of these vulnerabilities, particularly given Exim's dominant market position in email servers (The Record).
Source: This report was generated using AI