CVE-2023-42115: 
Exim vulnerability analysis and mitigation

CVE-2023-42115 is a critical out-of-bounds write remote code execution (RCE) vulnerability in Exim mail transfer agent. The vulnerability was discovered in June 2022 and publicly disclosed by Zero Day Initiative (ZDI) on September 27, 2023. This vulnerability affects the SMTP service that listens on TCP port 25 by default and has received a CVSS score of 9.8. The flaw impacts Exim installations, which are widely used with over 3.5 million servers exposed to the internet globally (Arctic Wolf, ZDI).

The vulnerability stems from improper validation of user-supplied data within the SMTP service, specifically in the 'External' authentication scheme. The issue results from the lack of proper validation of user input, which can result in a write past the end of a buffer. The vulnerability allows an attacker to write two pointers beyond the index of the auth_vars buffer, leading to an out-of-bounds write condition. The flaw is tracked as CWE-787 (Out-of-bounds Write) and requires the 'External' authentication scheme to be configured and available (Watchtowr Labs, ZDI).

The vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim without requiring authentication. An attacker can leverage this vulnerability to execute code in the context of the service account. Given Exim's widespread use across Unix-based systems, with over 3.5 million servers exposed to the internet globally, the potential impact is significant (ZDI, Arctic Wolf).

Exim released security fixes for this vulnerability on October 2, 2023, with version 4.96.1. Organizations are strongly recommended to upgrade to this latest version of Exim. In cases where immediate patching is not possible, the recommended mitigation strategy is to restrict interaction with the application (Arctic Wolf, ZDI).