What it does
This skill provides a specialized security audit for CVE-2026-45185 (Dead.Letter), a high-severity use-after-free vulnerability affecting Exim mail servers. It performs a comprehensive, read-only analysis of your system to determine if the local Exim installation is susceptible to remote code execution (RCE).
How it works
The skill executes a multi-point inspection of the host environment, checking:
- Binary Versions: Targets Exim 4.97 through 4.99.2.
- Library Linkage: Specifically detects GnuTLS builds, as OpenSSL-linked versions are unaffected.
- Configuration State: Audits
BDAT/CHUNKINGsettings to see if the vulnerable path is exposed. - System Mitigations: Evaluates ASLR levels and systemd hardening like
MemoryDenyWriteExecute.
Why use this skill
Manually checking for "Dead.Letter" is error-prone because version numbers alone don't tell the whole story—vulnerability depends on the specific TLS library and configuration. This skill automates the detection logic, providing a definitive VULNERABLE, NOT VULNERABLE, or INCONCLUSIVE verdict with actionable remediation steps.
Supported Environments
Compatible with standard Linux mail server deployments (Ubuntu, Debian, RHEL) and containerized Exim instances. It requires no root privileges and makes no modifications to the system.