5 May 2021

Millions Exim email servers impacted by dangerous flaws

Millions of unpatched Exim email servers are potentially vulnerable to a set of bugs collectively called ‘21 Nails’ that could expose servers to cyberattacks. The vulnerabilities discovered by researchers at Qualys allow unauthenticated remote hackers to execute arbitrary code and gain root privilege on mail servers with default or common configurations.

According to Qualys, the popular mail transfer agent Exim contains 21 vulnerabilities, ten of which can be exploited remotely, while the other 11 are local flaws (the full list can be found here).

‘21 Nails’ flaws impact all versions of Exim before 4.94.2. “Some of the vulnerabilities can be chained together to obtain a full remote unauthenticated code execution and gain root privileges on the Exim Server,” Qualys said in a blog post.

The researchers noted that the discovered vulnerabilities affect all Exim versions "going back all the way to 2004," meaning that most of them have been present for 17 years.

According to a Shodan search, there are nearly four million known exposed Exim servers. A SecuritySpace survey from March estimated that 60% of visible mail servers use Exim.

Developers behind Exim have released a security update exim-4.94.2 that contains all changes on the exim-4.94+fixes branch and security fixes. Users are strongly advised to update their Exim instances as soon as possible.
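For administrators triaging an inventory, the advisory's one hard fact is the version boundary: anything older than 4.94.2 is in scope. The script below is an added example (not from Qualys or the Exim project) that parses the version out of SMTP greeting banners or `exim -bV` output and flags hosts below that boundary; the host names and banner lines are constructed samples.

```python
import re
from typing import List, Optional, Tuple

# First upstream Exim release that contains the '21 Nails' fixes.
FIXED_VERSION = (4, 94, 2)

# Matches "Exim 4.93", "Exim version 4.94.2 #2", or an SMTP greeting such as
# "220 mx.example.test ESMTP Exim 4.92 ...".
_VERSION_RE = re.compile(r"\bExim(?:\s+version)?\s+(\d+)\.(\d+)(?:\.(\d+))?", re.IGNORECASE)

def parse_exim_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, patch) from a banner or `exim -bV` line, or None if not Exim."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, patch = m.group(1), m.group(2), m.group(3)
    # A two-component version such as "4.94" is treated as 4.94.0, which is older than 4.94.2.
    return (int(major), int(minor), int(patch) if patch else 0)

def is_vulnerable(text: str) -> Optional[bool]:
    """True if the reported version predates 4.94.2, False if at or above it, None if unknown."""
    version = parse_exim_version(text)
    if version is None:
        return None
    return version < FIXED_VERSION

def triage(lines: List[str]) -> List[Tuple[str, Optional[bool]]]:
    """Pair every inventory line with its verdict so the result can be reviewed or exported."""
    return [(line, is_vulnerable(line)) for line in lines]

# Constructed sample inventory: three SMTP greetings and one `exim -bV` line (no real hosts).
SAMPLES = [
    "220 mx1.example.test ESMTP Exim 4.92 Wed, 05 May 2021 10:00:00 +0000",
    "Exim version 4.94.2 #2 built 03-May-2021 12:00:00",
    "220 mx2.example.test ESMTP Exim 4.94 Wed, 05 May 2021 10:00:00 +0000",
    "220 mx3.example.test ESMTP Postfix",
]

if __name__ == "__main__":
    labels = {True: "UPDATE NEEDED (< 4.94.2)", False: "patched", None: "not Exim / unknown"}
    for line, verdict in triage(SAMPLES):
        print(f"{labels[verdict]:26} {line}")
```

Distributions sometimes backport the fixes without bumping the upstream version string, so treat an "UPDATE NEEDED" verdict as a prompt to check the package changelog rather than as proof of exposure.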
