
Several Exim Vulnerabilities Exploited in Russia-Linked Attacks
2020-06-02 16:24

Several vulnerabilities affecting the Exim mail transfer agent have been exploited by Russia-linked hackers, and administrators have been urged to patch immediately, but hundreds of thousands of servers remain unpatched.

The U.S. National Security Agency issued an alert last week to urge users to update their Exim servers to version 4.93 or newer, as earlier versions are impacted by vulnerabilities that have been exploited by a hacker group with ties to the Russian military.

Threat intelligence company RiskIQ says there are two other Exim vulnerabilities that have been exploited in the same campaign: CVE-2019-15846, a remote code execution vulnerability patched in September 2019 that impacts version 4.92.1 and earlier, and CVE-2019-16928, a DoS and code execution vulnerability affecting versions 4.92 through 4.92.2.

While most of the unpatched servers are running Exim 4.92, which patches CVE-2019-10149, the other two vulnerabilities still leave them exposed to attack, which is likely why the NSA has advised users to update to version 4.93.

The threat group exploiting these vulnerabilities is tracked as Sandworm and TeleBots, and it has been linked to Russia's General Staff Main Intelligence Directorate.
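The article's point is easy to get wrong in an inventory review: a server on 4.92 has the CVE-2019-10149 fix but is still inside the ranges given for the other two CVEs. The following script is an added example, not code from the article or from the Exim project; it encodes only the version ranges stated on this page (4.87 to 4.91 for CVE-2019-10149, before 4.92.2 for CVE-2019-15846, 4.92 through 4.92.2 for CVE-2019-16928, 4.93 or newer as the advised target) and triages a list of SMTP banners. The banner lines and hostnames are constructed sample data, and treating CVE-2019-15846 as having no lower bound is an assumption, since the page states only an upper bound.

```python
# Added example: flag Exim versions that fall inside the affected ranges the
# article and its vulnerability table list, then apply it to a constructed
# inventory of SMTP banner lines. Offline only; it does not contact any host.
import re
from typing import Dict, List, Tuple

Version = Tuple[int, int, int]


def parse_version(text: str) -> Version:
    """Extract the first dotted version in text ('4.92.1', 'Exim 4.92 ...') as a
    three-part tuple so that 4.92 == 4.92.0 < 4.92.1 compares correctly."""
    m = re.search(r"(\d+(?:\.\d+)+)", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    parts = [int(p) for p in m.group(1).split(".")][:3]
    while len(parts) < 3:
        parts.append(0)
    return (parts[0], parts[1], parts[2])


# Inclusive affected ranges as stated on the page.
AFFECTED: Dict[str, Tuple[Version, Version]] = {
    # "4.87 to 4.91 (inclusive)"
    "CVE-2019-10149": (parse_version("4.87"), parse_version("4.91")),
    # "before 4.92.2"; no lower bound is given, so (0, 0, 0) is an assumption
    "CVE-2019-15846": ((0, 0, 0), parse_version("4.92.1")),
    # "4.92 through 4.92.2"
    "CVE-2019-16928": (parse_version("4.92"), parse_version("4.92.2")),
}

# NSA guidance quoted in the article: update to 4.93 or newer.
RECOMMENDED: Version = parse_version("4.93")


def exposed_cves(version: str) -> List[str]:
    """Return the CVEs from the page whose range contains this version."""
    v = parse_version(version)
    return [cve for cve, (lo, hi) in AFFECTED.items() if lo <= v <= hi]


def triage(version: str) -> dict:
    """Summarise one version: exposed CVEs and whether it is below 4.93."""
    v = parse_version(version)
    return {
        "version": ".".join(str(p) for p in v),
        "cves": exposed_cves(version),
        "needs_update": v < RECOMMENDED,
    }


def triage_banners(banners: List[str]) -> Dict[str, dict]:
    """Triage a list of SMTP greeting banners of the form
    '220 <host> ESMTP Exim <version> ...', keyed by hostname.
    Banners that do not advertise Exim are skipped."""
    results: Dict[str, dict] = {}
    for line in banners:
        m = re.match(r"220\s+(\S+)\s+ESMTP\s+Exim\s+(\d+(?:\.\d+)+)", line)
        if not m:
            continue  # not an Exim banner, or version hidden by the operator
        host, version = m.group(1), m.group(2)
        results[host] = triage(version)
    return results


# Constructed sample banners (hostnames and versions are made up for the demo).
SAMPLE_BANNERS = [
    "220 mx1.example.test ESMTP Exim 4.91 Tue, 02 Jun 2020 10:00:00 +0000",
    "220 mx2.example.test ESMTP Exim 4.92 Tue, 02 Jun 2020 10:00:01 +0000",
    "220 mx3.example.test ESMTP Exim 4.92.2 Tue, 02 Jun 2020 10:00:02 +0000",
    "220 mx4.example.test ESMTP Exim 4.93 Tue, 02 Jun 2020 10:00:03 +0000",
    "220 relay.example.test ESMTP Postfix",  # skipped: not Exim
]

if __name__ == "__main__":
    for host, info in triage_banners(SAMPLE_BANNERS).items():
        flag = "UPDATE" if info["needs_update"] else "ok"
        print(f"{host:22} {info['version']:8} {flag:7} {', '.join(info['cves']) or '-'}")
```

Note that the 4.92 host comes out with two open CVEs even though it has the CVE-2019-10149 fix, which is exactly why checking only for the older, well-known CVE gives a false sense of safety; a banner that hides the version yields no result and has to be checked on the host itself.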


News URL

http://feedproxy.google.com/~r/Securityweek/~3/O734a89RrgY/several-exim-vulnerabilities-exploited-russia-linked-attacks

Related Vulnerability

DATE        CVE             VULNERABILITY TITLE                                        RISK
2019-09-27  CVE-2019-16928  Out-of-bounds Write vulnerability in multiple products     critical (9.8)
            Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846.
            Attack vector: network, low complexity. Products: exim, canonical, debian, fedoraproject. CWE-787
2019-09-06  CVE-2019-15846  (no title given)                                           critical (9.8)
            Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash.
            Attack vector: network, low complexity. Products: exim, debian.
2019-06-05  CVE-2019-10149  OS Command Injection vulnerability in multiple products    critical (9.8)
            A flaw was found in Exim versions 4.87 to 4.91 (inclusive).
            Attack vector: network, low complexity. Products: exim, debian, canonical. CWE-78

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Exim 1 2 14 21 11 48