CVE-2018-6789
Published: 08 February 2018
Summary
CVE-2018-6789 is a critical-severity Classic Buffer Overflow (CWE-120) vulnerability in Debian Linux. Its CVSS base score is 9.8 (Critical).
Operationally, it ranks in the top 0.6% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
The vulnerability is a buffer overflow (CWE-120) in the base64d function within the SMTP listener component of Exim versions prior to 4.90.1. It was assigned CVE-2018-6789 with a CVSS v3.1 score of 9.8, reflecting network-accessible attack conditions that require no authentication or user interaction.
An unauthenticated remote attacker can exploit the flaw by sending a specially crafted message to the SMTP listener, triggering the overflow to achieve arbitrary code execution on the affected server with full confidentiality, integrity, and availability impact.
Advisories referenced in public disclosure lists indicate that the issue is resolved by upgrading to Exim 4.90.1 or later. No additional real-world exploitation details or AI/ML considerations are provided in the source data.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2018-18536
Vulnerability details
An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely.
- CWE(s): CWE-120
- KEV Date Added: 03 November 2021
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): Directly enforces validation of SMTP input to the base64d function, blocking the crafted message that triggers the buffer overflow.
- SI-2 (Flaw Remediation): Requires prompt application of the vendor patch that upgrades Exim to 4.90.1 and eliminates the vulnerable base64d implementation.
- Applies memory-protection mechanisms that can block exploitation of the overflow even if input validation fails.