CVE-2021-38371 Overview
CVE-2021-38371 affects the STARTTLS handling of the Exim mail transfer agent (MTA) through version 4.94.2 when Exim acts as an SMTP client, that is, while delivering mail to a remote server. The flaw is a response-injection issue caused by buffering: an attacker positioned between Exim and the remote server can append plaintext SMTP reply lines to the server's 220 reply to STARTTLS, and Exim processes those lines after the TLS handshake completes as though the server had sent them inside the encrypted session. This breaks the boundary that STARTTLS is intended to establish between the unencrypted and encrypted parts of the SMTP dialogue. The flaw is classified under [CWE-74], improper neutralization of special elements in output used by a downstream component. Its impact is on the integrity of mail transmission; confidentiality and availability are not affected.
Critical Impact
A network-positioned attacker can forge the remote server's responses inside what Exim treats as the TLS-protected part of an outbound SMTP session, without breaking TLS and without presenting any certificate. Exim may then act on attacker-supplied status codes, for example treating a recipient or a message as accepted when the server rejected it, so the integrity guarantee STARTTLS is meant to provide for outbound delivery is defeated.
Affected Products
- Exim MTA versions through 4.94.2
- Linux distributions packaging vulnerable Exim builds
- Debian LTS systems that have not applied the October 2024 exim4 security update referenced below
Discovery Timeline
- 2021-08-10 - CVE-2021-38371 published to NVD
- 2025-11-03 - Last updated in NVD database
Technical Details for CVE-2021-38371
Vulnerability Analysis
The vulnerability is in how Exim's SMTP client handles the transition from plaintext to TLS via STARTTLS during outbound delivery. Exim reads the server's reply to STARTTLS into an input buffer. If the network peer sends more bytes than the single 220 reply, those bytes stay in the buffer while Exim performs the TLS handshake. Once the handshake completes, Exim continues reading replies from that buffer before it reads from the TLS socket, so the leftover plaintext is interpreted as the first replies of the encrypted session. An attacker on the path can therefore smuggle forged server replies across the encryption boundary.
The defect belongs to the class of STARTTLS injection issues documented in the NoSTARTTLS research (Poddebniak, Ising, Böck and Schinzel, USENIX Security 2021), which found the same pattern in many mail clients and servers. RFC 3207 requires both parties to reset the SMTP protocol state after the handshake and to discard knowledge obtained before it; data received in plaintext must therefore not be carried into the TLS session. Exim instead processed the leftover bytes as if they had originated inside the encrypted session.
Root Cause
The root cause is a failure to neutralize buffered input across a protocol state transition. Exim's SMTP client reads from the socket into a buffer and parses replies line by line from it. When the connection upgrades to TLS, that buffer is not emptied, so reply lines a network attacker appended to the plaintext 220 response remain in it and are interpreted within the trusted TLS context. Certificate verification does not help here: the injected bytes never pass through TLS at all, so the attacker needs neither a valid certificate nor any ability to break the encryption.
Attack Vector
Exploitation requires the attacker to be able to modify traffic between an Exim MTA acting as SMTP client and the remote server it is delivering to (a man-in-the-middle position on the path). When the server answers STARTTLS, the attacker appends additional SMTP reply lines, for example 250 OK, after the 220 Ready to start TLS line, before Exim's TLS ClientHello. Exim buffers the whole chunk, completes the TLS handshake, and then parses the attacker's lines as the server's responses to its first encrypted commands (EHLO, MAIL FROM, RCPT TO and so on). The dialogue is thereby desynchronised: Exim pairs each command with a reply that was not the server's answer to it, and can be made to believe a recipient or a message was accepted when the server in fact rejected it. The attack is network-based, requires no authentication and needs no user interaction. Technical details are available in the Exim advisory for CVE-2021-38371 and in the NoSTARTTLS research.
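The following simulation is an added example, not Exim's code or anything from the advisory. It models only the client side of the dialogue with a fake transport: a plaintext phase ending in STARTTLS, then a simulated TLS phase. The attacker appends two status lines to the server's 220 reply; the real server's post-handshake replies include a 550 rejection of the recipient. The only difference between the vulnerable and the fixed client is whether the receive buffer is discarded when TLS starts, and the output shows how that one omission lets the attacker turn a rejection into an apparent acceptance. All traffic below is constructed.

```python
"""Simulated SMTP client showing the STARTTLS buffering defect behind CVE-2021-38371.

Added example, not Exim code. The attacker (on path, in plaintext) appends
reply lines to the server's 220 answer to STARTTLS. A client that keeps its
receive buffer across the TLS handshake reads those lines as the first
encrypted replies of the session.
"""
from __future__ import annotations

from dataclasses import dataclass

CRLF = b"\r\n"

# Constructed: the server's honest 220 reply with two attacker-supplied lines
# appended in the same plaintext transmission.
PLAINTEXT_220_WITH_INJECTION = (
    b"220 2.0.0 Ready to start TLS" + CRLF
    + b"250 OK" + CRLF   # attacker: will be read as the reply to EHLO
    + b"250 OK" + CRLF   # attacker: will be read as the reply to MAIL FROM
)

# Constructed: what the real server sends inside TLS, in order.
TLS_SERVER_REPLIES = [
    b"250 mail.example.org Hello" + CRLF,  # real reply to EHLO
    b"250 2.1.0 Sender OK" + CRLF,         # real reply to MAIL FROM
    b"550 5.1.1 No such user" + CRLF,      # real reply to RCPT TO: rejected
]


@dataclass
class FakeTransport:
    """Stands in for the network: a plaintext queue, then a TLS queue."""
    plaintext: list[bytes]
    tls: list[bytes]
    encrypted: bool = False

    def recv(self) -> bytes:
        queue = self.tls if self.encrypted else self.plaintext
        return queue.pop(0) if queue else b""


@dataclass
class SmtpClient:
    transport: FakeTransport
    discard_on_starttls: bool
    buf: bytes = b""

    def read_response(self) -> str:
        # Line reader in the style of an MTA client: refill from the socket
        # only when the buffer holds no complete line. Bytes beyond the first
        # line stay buffered for the next read.
        while CRLF not in self.buf:
            chunk = self.transport.recv()
            if not chunk:
                raise ConnectionError("server closed connection")
            self.buf += chunk
        line, _, self.buf = self.buf.partition(CRLF)
        return line.decode("ascii")

    def starttls(self) -> None:
        resp = self.read_response()
        if not resp.startswith("220"):
            raise RuntimeError(f"STARTTLS refused: {resp}")
        self.transport.encrypted = True  # stands in for the TLS handshake
        if self.discard_on_starttls:
            # The fix: nothing received in plaintext may survive into the TLS
            # session (RFC 3207 resets protocol state after the handshake).
            self.buf = b""


def run_session(discard_on_starttls: bool) -> list[tuple[str, str]]:
    """Return (command, reply) pairs as the client paired them."""
    transport = FakeTransport(plaintext=[PLAINTEXT_220_WITH_INJECTION],
                              tls=list(TLS_SERVER_REPLIES))
    client = SmtpClient(transport, discard_on_starttls)
    client.starttls()
    return [(cmd, client.read_response()) for cmd in ("EHLO", "MAIL FROM", "RCPT TO")]


def rcpt_accepted(pairs: list[tuple[str, str]]) -> bool:
    """True if the client believes the recipient was accepted (2xx reply)."""
    return pairs[-1][1].startswith("2")


if __name__ == "__main__":
    for label, discard in (("vulnerable", False), ("fixed", True)):
        pairs = run_session(discard)
        print(label, pairs, "recipient accepted:", rcpt_accepted(pairs))
```

In the vulnerable run the client pairs EHLO and MAIL FROM with the attacker's 250 OK lines and then reads the server's real EHLO greeting as the reply to RCPT TO, so a recipient the server rejected with 550 looks accepted; the fixed run pairs every command with the server's actual reply.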
Detection Methods for CVE-2021-38371
Indicators of Compromise
- Out-of-sequence or unexpected server replies recorded in Exim's main log for deliveries to a particular remote host, for example SMTP error entries whose status code does not fit the command Exim had just sent, clustered on one outbound path
- Outbound sessions in which the remote server's 220 reply to STARTTLS is followed by further plaintext bytes before the TLS handshake (where traffic is captured), or in which the greeting banner or server certificate differs from the baseline for that relay
- Messages that Exim logged as accepted by the remote host but that the destination never received, after relay through the affected MTA
Detection Strategies
- Inspect Exim's main log, and transport debugging output where enabled, for malformed, duplicated or out-of-order reply codes around the STARTTLS transition of outbound deliveries
- Compare the remote server certificate and greeting banner against historical baselines for known relay partners
- Apply network detection rules that flag a 220 reply to STARTTLS followed by further server-to-client bytes before the client's TLS ClientHello; a conforming server sends nothing after its 220 reply until the handshake begins
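The check below is an added example, not part of the page's sources or of any vendor rule set. It implements the last detection strategy over server-to-client plaintext: after the client's STARTTLS, a conforming server sends exactly one reply (a single 220 line, or a multi-line 220- ... 220 reply) and then waits for the ClientHello, so any further bytes before the handshake are unsolicited and are exactly what a vulnerable client would later parse inside TLS. Input is a list of (direction, payload) TCP segments as one might extract from a capture; the sample segments are constructed and the function and type names are this example's own.

```python
"""Detect STARTTLS response injection in captured SMTP client traffic.

Added example, not Exim code. Segments are (direction, payload) tuples with
direction "c2s" (client to server) or "s2c" (server to client), in order.
"""
from __future__ import annotations

import re

CRLF = b"\r\n"
# "250 text", "250-text" (continuation) or a bare "250" (RFC 5321 allows it).
REPLY_LINE = re.compile(rb"^(\d{3})([ -]|$)")


def split_first_reply(data: bytes) -> tuple[bytes, bytes]:
    """Split server bytes into the first complete SMTP reply and the remainder.

    A reply is one or more lines with the same three-digit code; continuation
    lines use "code-", the final line "code " or a bare code. Raises
    ValueError if the data does not start with a complete, well-formed reply.
    """
    pos = 0
    while True:
        end = data.find(CRLF, pos)
        if end == -1:
            raise ValueError("incomplete reply")
        m = REPLY_LINE.match(data[pos:end])
        if not m:
            raise ValueError(f"malformed reply line: {data[pos:end]!r}")
        pos = end + len(CRLF)
        if m.group(2) != b"-":
            return data[:pos], data[pos:]


def find_starttls_injection(segments: list[tuple[str, bytes]]) -> bytes | None:
    """Return bytes sent to the client after its STARTTLS reply but before the
    client's TLS ClientHello, or None if the transition is clean."""
    saw_starttls = False
    server_bytes = b""
    for direction, payload in segments:
        if direction == "c2s" and not saw_starttls:
            saw_starttls = payload.strip().upper() == b"STARTTLS"
        elif direction == "c2s":
            # First client segment after STARTTLS. A TLS record starts with
            # content type 0x16 (handshake); anything else means the client
            # did not upgrade, so there is no transition to check.
            if payload[:1] != b"\x16":
                return None
            break
        elif saw_starttls:
            server_bytes += payload
    if not saw_starttls or not server_bytes:
        return None
    reply, rest = split_first_reply(server_bytes)
    if not reply.startswith(b"220"):
        return None  # server declined STARTTLS; no TLS transition happened
    return rest or None


# Constructed sample sessions.
CLIENT_HELLO_PREFIX = b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x03"  # start of a TLS ClientHello
CLEAN = [
    ("s2c", b"220 mail.example.org ESMTP" + CRLF),
    ("c2s", b"EHLO client.example.net" + CRLF),
    ("s2c", b"250-mail.example.org" + CRLF + b"250 STARTTLS" + CRLF),
    ("c2s", b"STARTTLS" + CRLF),
    ("s2c", b"220 2.0.0 Ready to start TLS" + CRLF),
    ("c2s", CLIENT_HELLO_PREFIX),
]
# Same session, but the 220 reply carries two appended attacker lines.
INJECTED = CLEAN[:4] + [
    ("s2c", b"220 2.0.0 Ready to start TLS" + CRLF + b"250 OK" + CRLF + b"250 OK" + CRLF),
    CLEAN[5],
]
# A legitimate multi-line 220 reply must not be flagged.
MULTILINE_OK = CLEAN[:4] + [
    ("s2c", b"220-Go ahead" + CRLF + b"220 2.0.0 Ready to start TLS" + CRLF),
    CLEAN[5],
]

if __name__ == "__main__":
    for name, session in (("clean", CLEAN), ("injected", INJECTED), ("multiline", MULTILINE_OK)):
        print(name, find_starttls_injection(session))
```

The detector is deliberately indifferent to whether the trailing bytes came from the real server or from an on-path attacker; in either case a client that does not flush its buffer will misinterpret them, so the finding is worth an alert regardless of origin.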
Monitoring Recommendations
- Forward Exim mainlog and rejectlog to a centralized logging platform and alert on anomalous STARTTLS sequences
- Monitor outbound TCP/25 and TCP/587 sessions for protocol anomalies and unexpected destination changes
- Track Exim version inventory across mail infrastructure to confirm all instances run patched builds
How to Mitigate CVE-2021-38371
Immediate Actions Required
- Upgrade Exim to a release later than 4.94.2 (4.95, the next release, or newer), which discards buffered input at the STARTTLS transition
- Apply the Debian LTS update referenced in the Debian LTS announcement on affected distributions
- Audit outbound mail routes and require certificate verification (or DANE where available) for the relays you depend on; this does not by itself stop the injection, since the forged replies never traverse TLS, but it removes the simpler downgrade and impersonation attacks an on-path attacker would otherwise use
Patch Information
Exim has published remediation details in its advisory. Operators running Debian-based systems should install the package update from the Debian LTS October 2024 announcement. The fix discards anything left unprocessed in the SMTP client's input buffer when TLS is negotiated, so no plaintext is carried into the encrypted session, in line with the RFC 3207 requirement to reset protocol state after the handshake.
Workarounds
- Configure Exim to use implicit TLS on port 465 (protocol = smtps on the smtp transport) instead of opportunistic STARTTLS where the remote server supports it; this is realistic for a smarthost or submission relay, since MTA-to-MTA delivery on port 25 has no implicit-TLS equivalent and there is then no plaintext phase to inject into
- Restrict outbound relay to trusted smarthosts over authenticated TLS connections with certificate verification
- Disabling STARTTLS on a transport removes the injection point but also removes transport encryption entirely; it is not an acceptable general mitigation and should be considered only for destinations reached over networks that are trusted anyway (for example an internal relay on a private link)
# Example Exim smtp transport enforcing implicit TLS (SMTPS on port 465) to a
# smarthost, with mandatory verification of the remote certificate. The router
# that points at this transport supplies the smarthost name.
remote_smtp_smarthost:
  driver = smtp
  # "smtps" starts TLS immediately on connect; there is no plaintext phase and
  # therefore no STARTTLS transition for an attacker to inject into.
  protocol = smtps
  port = 465
  # Require TLS for every host handled by this transport and fail the delivery
  # rather than fall back to plaintext if it cannot be established.
  hosts_require_tls = *
  # Verify the server certificate against the system CA bundle and fail the
  # delivery if verification does not succeed.
  tls_verify_hosts = *
  tls_verify_certificates = /etc/ssl/certs/ca-certificates.crt
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.


