> > Do they need telnet or ssh access,
>
> I don't understand this obsession with ssh or telnet. Remote code
> execution means that malicious party can execute any code on
> affected system.
>
To elaborate, since exim is an SMTP server it will be listening on TCP/25. All the attacker needs to do is run an SMTP command that will prompt exim to perform a lookup on a very long FQDN. The first command an SMTP client issues to an SMTP server is 'HELO <some FQDN>'. Exim can be configured to check that the FQDN is valid, as a way of trying to distinguish spammers from valid mail servers. So here we have a situation where a security control happens to make the server less secure, and we have all that's required for exploitation in a nice package.
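
Added example, not part of the original message and not Exim code: a check that screens the HELO/EHLO argument against DNS name length and syntax limits before anything is handed to a resolver, run over a constructed SMTP session. The function names, the strict letters-digits-hyphen label rule and the sample lines are assumptions made for illustration.

```python
import re

MAX_NAME = 253   # longest DNS name in presentation form (RFC 1035 limits)
MAX_LABEL = 63   # longest single label
LABEL_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?$")
HELO_RE = re.compile(r"^(?:HELO|EHLO)[ \t]+(\S+)[ \t]*$", re.IGNORECASE)

def helo_argument(line):
    """Return the argument of a HELO/EHLO command line, or None."""
    m = HELO_RE.match(line.rstrip("\r\n"))
    return m.group(1) if m else None

def check_helo_name(name):
    """Return reasons the name should not be passed to a DNS lookup."""
    if name.startswith("[") and name.endswith("]"):
        return []  # address literal, not a host name to resolve
    reasons = []
    if len(name) > MAX_NAME:
        reasons.append(f"name is {len(name)} bytes, limit is {MAX_NAME}")
    bare = name[:-1] if name.endswith(".") else name
    for label in bare.split("."):
        if len(label) > MAX_LABEL:
            reasons.append(f"label is {len(label)} bytes, limit is {MAX_LABEL}")
        elif not LABEL_RE.match(label):
            reasons.append(f"label {label!r} is not letters/digits/hyphen")
    return reasons

def screen_session(lines):
    """Return (line number, reasons) for each HELO/EHLO line that fails."""
    flagged = []
    for number, line in enumerate(lines, 1):
        arg = helo_argument(line)
        if arg is None:
            continue
        reasons = check_helo_name(arg)
        if reasons:
            flagged.append((number, reasons))
    return flagged

# Constructed sample session (client side only), not captured traffic.
SAMPLE_SESSION = [
    "EHLO mail.example.org\r\n",
    "HELO [192.0.2.10]\r\n",
    "HELO " + "a" * 300 + "\r\n",
    "MAIL FROM:<user@example.org>\r\n",
]

if __name__ == "__main__":
    for number, reasons in screen_session(SAMPLE_SESSION):
        print(f"line {number}: " + "; ".join(reasons))
```
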