Security News
A code audit of Exim, a widely used mail transfer agent, has revealed 21 previously unknown vulnerabilities, some of which can be chained together to achieve unauthenticated remote code execution on the Exim Server. They have all been fixed in Exim v4.94.2, and the software maintainers advise users to update their instances as soon as possible, as all versions of Exim previous to version 4.94.2 are now obsolete.
Security researchers document 21 major security vulnerabilities in Exim and warn that users are exposed to remote code execution flaws. Security researchers at Qualys have discovered multiple gaping security holes in Exim, a widely deployed mail server that has been targeted in the past by advanced nation state-based threat actors.
Newly discovered critical vulnerabilities in the Exim mail transfer agent software allow unauthenticated remote attackers to execute arbitrary code and gain root privilege on mail servers with default or common configurations. All versions released before Exim 4.94.2 are vulnerable to attacks attempting to exploit the 21Nails vulnerabilities.
Several vulnerabilities affecting the Exim mail transfer agent have been exploited by Russia-linked hackers, and administrators have been urged to patch immediately, but hundreds of thousands of servers remain unpatched. The U.S. National Security Agency issued an alert last week to urge users to update their Exim servers to version 4.93 or newer, as earlier versions are impacted by vulnerabilities that have been exploited by a hacker group with ties to the Russian military.
The U.S. National Security Agency on Thursday published information on the targeting of Exim mail servers by the Russia-linked threat actor known as Sandworm Team. The open-source Exim mail transfer agent is used broadly worldwide, powering more than half of the Internet's email servers and also being pre-installed in some Linux distributions.
The Russian APT group Sandworm has been exploiting a critical Exim flaw to compromise mail servers since August 2019, the NSA has warned in a security advisory published on Thursday. Attackers started exploiting it to compromise Linux servers and instal cryptocoin miners on them, and Microsoft warned about a Linux worm leveraging the flaw to target Azure virtual machines running affected versions of Exim.
The NSA has raised the alarm over what it says is Russia's active exploitation of a remote-code execution flaw in Exim for which a patch exists. The American surveillance super-agency said [PDF] on Thursday the Kremlin's military intelligence hackers are actively targeting some systems vulnerable to CVE-2019-10149, a security hole in the widely used Exim mail transfer agent that was fixed last June.
The NSA has raised the alarm over what it says is Russia's active exploitation of a remote-code execution flaw in Exim for which a patch exists. The American surveillance super-agency said [PDF] on Thursday the Kremlin's military intelligence hackers are actively targeting some systems vulnerable to CVE-2019-10149, a security hole in the widely used Exim mail transfer agent that was fixed last June.
This latest Exim flaw could lead to at least a denial of service crash in the software but also the possibility of remote code execution.
Hot on the heels of a patch for a critical RCE Exim flaw comes another one that fixes a denial of service (DoS) condition (CVE-2019-16928) that could also be exploited by attackers to pull off...