Hackk.Gr

**Name of the Vulnerable Software and Affected Versions** Exim versions prior to 4.90.1 **Description** An issue in the base64d function in the SMTP listener of Exim can cause a buffer overflow when processing handcrafted messages. This can be exploited to execute code remotely. The vulnerability is triggered by sending specially crafted data in the `AUTH` command and manipulating the sender's hostname in the `EHLO` command. The issue arises when handling data with a size not divisible by 4. **Recommendations** For versions prior to 4.90.1, update to version 4.90.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the SMTP listener or disabling the base64d function until a patch is applied. Avoid using the `AUTH` command with untrusted input and restrict manipulation of the sender's hostname in the `EHLO` command to minimize the risk of exploitation.