CVE-2020-28019

7.5 HIGH

📋 TL;DR

This vulnerability in Exim mail servers allows remote attackers to cause a denial of service through stack consumption via specially crafted BDAT commands. It affects Exim installations that accept BDAT commands instead of traditional DATA commands. The improper initialization can lead to recursion that exhausts stack memory.

💻 Affected Systems

Products:
  • Exim
Versions: Exim 4 before version 4.94.2
Operating Systems: Linux, Unix-like systems
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects configurations where BDAT commands are accepted; traditional DATA command usage is not vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution or complete system crash due to stack overflow, potentially allowing attacker takeover of the mail server.

🟠 Likely Case: Denial of service causing mail server crash and service disruption, requiring manual restart.

🟢 If Mitigated: Minimal impact with proper network segmentation and monitoring; service interruption limited to mail processing.

🌐 Internet-Facing: HIGH - Exim servers exposed to the internet can be directly targeted by remote attackers without authentication.
🏢 Internal Only: MEDIUM - Internal attackers or compromised systems could exploit this, but requires network access to the mail server.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending specially crafted BDAT commands; proof-of-concept code is publicly available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Exim 4.94.2

Vendor Advisory: https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28019-BDATA.txt

Restart Required: Yes

Instructions:

1. Download Exim 4.94.2 or later from exim.org.
2. Compile and install following the Exim documentation.
3. Restart the Exim service.
4. Verify the version with 'exim -bV'.

🔧 Temporary Workarounds

Disable BDAT command support (linux)

Configure Exim to reject BDAT commands and only accept traditional DATA commands.
Add 'disable_bdat = true' to the Exim configuration file.

Rate limit BDAT commands (linux)

Implement rate limiting on BDAT commands to prevent exploitation attempts.
Configure appropriate ACL rules in Exim to limit BDAT command frequency.

🧯 If You Can't Patch

  • Implement network segmentation to restrict access to Exim servers
  • Deploy intrusion detection systems to monitor for BDAT exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check Exim version with 'exim -bV | head -1' and compare to vulnerable versions (before 4.94.2)

Check Version:

exim -bV | head -1

Verify Fix Applied:

Verify version is 4.94.2 or later with 'exim -bV | head -1' and test BDAT command handling
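
The version check above as a script, added here as an example (it is not code from the advisory or from the Exim project): it parses the first line of 'exim -bV', compares it against 4.94.2, and also reports whether the main option chunking_advertise_hosts still lets the server offer CHUNKING, which is what allows a client to send BDAT at all. The 'name = value' shape of 'exim -bP' output is assumed.

```shell
#!/bin/sh
# Added example, not part of the advisory or of Exim itself. Decides from the
# first line of `exim -bV` whether a build is in the affected range for
# CVE-2020-28019 (Exim 4 before 4.94.2), and from `exim -bP chunking_advertise_hosts`
# whether CHUNKING is still advertised, i.e. whether clients can reach the BDAT path.
# The "name = value" shape of -bP output is assumed here.

# version_lt A B: succeed when dotted version A is older than B ("4.94" == "4.94.0").
version_lt() {
  a="$1.0.0" b="$2.0.0" i=1
  while [ "$i" -le 3 ]; do
    x=$(printf '%s' "$a" | cut -d. -f"$i")
    y=$(printf '%s' "$b" | cut -d. -f"$i")
    [ "$x" -lt "$y" ] && return 0
    [ "$x" -gt "$y" ] && return 1
    i=$((i + 1))
  done
  return 1
}

# exim_bdat_status LINE: LINE is the first line of `exim -bV`, for example
# "Exim version 4.93 #2 built 10-Dec-2019 12:30:07" (constructed sample).
# Prints VULNERABLE (exit 1), PATCHED (exit 0) or UNKNOWN (exit 2).
exim_bdat_status() {
  ver=$(printf '%s\n' "$1" | sed -n 's/^Exim version \([0-9][0-9.]*\).*/\1/p')
  case "$ver" in
    '')  echo UNKNOWN; return 2 ;;
    4.*) if version_lt "$ver" 4.94.2; then echo VULNERABLE; return 1; fi ;;
  esac
  echo PATCHED
}

# chunking_advertised LINE: LINE is the output of `exim -bP chunking_advertise_hosts`.
# An empty host list means CHUNKING is never offered, so no client can send BDAT.
chunking_advertised() {
  val=$(printf '%s\n' "$1" | sed -n 's/^chunking_advertise_hosts *= *//p')
  [ -n "$val" ]
}

# Run against the local installation with: sh check_exim_bdat.sh --live
if [ "${1:-}" = "--live" ]; then
  exim_bdat_status "$(exim -bV 2>/dev/null | head -1)" || true
  if chunking_advertised "$(exim -bP chunking_advertise_hosts 2>/dev/null)"; then
    echo "CHUNKING advertised: clients may use BDAT"
  else
    echo "CHUNKING not advertised: BDAT path unreachable"
  fi
fi
```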

📡 Detection & Monitoring

Log Indicators:

  • Multiple BDAT command failures
  • Stack overflow errors in system logs
  • Exim process crashes

Network Indicators:

  • Unusual BDAT command patterns
  • Multiple BDAT commands from single source

SIEM Query:

source="exim.log" AND ("BDAT" OR "stack overflow" OR "segmentation fault")
