Qualys Flags Gaping Security Holes in Exim Mail Server (Security News, May 2021)
Security researchers document 21 major security vulnerabilities in Exim and warn that users are exposed to remote code execution flaws.
Security researchers at Qualys have discovered multiple gaping security holes in Exim, a widely deployed mail server that has been targeted in the past by advanced nation-state threat actors.
An advisory from Qualys documents a total of 21 security vulnerabilities, 10 serious enough to expose Exim mail servers to remote code execution attacks.
Qualys said it reported the flaws to Exim last October and warned that some of the vulnerabilities have been present in Exim since at least 2004.
"We recently audited central parts of the Exim mail server and discovered 21 vulnerabilities: 11 local vulnerabilities, and 10 remote vulnerabilities," Qualys wrote in its advisory.
A separate note from Exim maintainers contains information on applying security patches.