Exim, which powers 60% of the Internet’s email servers, is vulnerable to a remote code execution (CVE-2019-15846) in all versions prior to 4.92.2 which has just been released to patch the problem. TLS connections must be enabled in order to exploit the vulnerability.
The flaw exists in the way Exim handles SNI (Server Name Indication) requests during the initial TLS handshakes. The problem is the Exim code, and so it does not matter which TLS library is used by the server – both GnuTLS and OpenSSL are affected.
SNI provides the ability for a single IP address to host several server certificates. During the initial TLS handshake, the client identifies the certificate name it wishes to use for the TLS connection. If the client sends a SNI request ending in a backslash-null sequence it will enable the attacker to execute arbitrary code in the root context on the server.
Most distributions of Exim have the TLS support disabled by default, however security conscious administrators may have turned it on as it is considered best practice.