5 May 2021

Millions of Exim email servers impacted by dangerous flaws



Millions of unpatched Exim email servers are potentially vulnerable to a set of bugs collectively called ‘21 Nails’ that could expose servers to cyberattacks. The vulnerabilities, discovered by researchers at Qualys, allow unauthenticated remote attackers to execute arbitrary code and gain root privileges on mail servers with default or common configurations.

According to Qualys, the popular mail transfer agent Exim contains 21 vulnerabilities: ten can be exploited remotely, and the other 11 are local flaws (the full list can be found here).

‘21 Nails’ flaws impact all versions of Exim before 4.94.2. “Some of the vulnerabilities can be chained together to obtain a full remote unauthenticated code execution and gain root privileges on the Exim Server,” Qualys said in a blog post.

The researchers noted that the discovered vulnerabilities affect all Exim versions "going back all the way to 2004," meaning that most of the vulnerabilities have been present for 17 years.

According to a Shodan search, there are nearly four million known exposed Exim servers. A SecuritySpace survey from March estimated that 60% of visible mail servers use Exim.

The developers behind Exim have released a security update, exim-4.94.2, that contains all changes on the exim-4.94+fixes branch along with the security fixes. Users are strongly advised to update their Exim instances as soon as possible.
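For administrators taking stock of their own mail hosts, the "before 4.94.2" cutoff can be checked against collected `exim -bV` output or SMTP greeting banners. The sketch below is an added example, not code from Qualys or the Exim project; the host names and sample strings are constructed, and the function names are hypothetical.

```python
import re

FIXED = (4, 94, 2)  # first fixed release named in the article

# Matches the first line of `exim -bV` ("Exim version 4.94 #2 built ...")
# and the default SMTP greeting ("220 host ESMTP Exim 4.92.3 ...").
_VERSION_RE = re.compile(r"\bExim (?:version )?(\d+(?:\.\d+){1,3})")


def parse_exim_version(text):
    """Return the Exim version in text as a tuple of ints, or None."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    parts += [0] * (3 - len(parts))  # "4.94" compares as 4.94.0
    return tuple(parts)


def needs_update(text):
    """True if older than 4.94.2, False if not, None if no version shown."""
    version = parse_exim_version(text)
    return None if version is None else version < FIXED


def triage(inventory):
    """Split {host: banner or -bV line} into update / ok / unknown lists."""
    result = {"update": [], "ok": [], "unknown": []}
    for host, text in sorted(inventory.items()):
        verdict = needs_update(text)
        key = "unknown" if verdict is None else ("update" if verdict else "ok")
        result[key].append(host)
    return result


# Constructed sample inventory (not real hosts).
SAMPLE = {
    "mx1.example.test": "Exim version 4.94 #2 built 13-Feb-2021 09:12:44",
    "mx2.example.test": "220 mx2.example.test ESMTP Exim 4.92.3 Wed, 05 May 2021",
    "mx3.example.test": "Exim version 4.94.2 #2 built 04-May-2021 18:01:10",
    "mx4.example.test": "220 mx4.example.test ESMTP ready",  # version hidden
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(status, hosts)
```

A host flagged for update may still carry the fixes if the distribution backported them without changing the upstream version number, so confirm against the package changelog; hosts in the "unknown" list need a local `exim -bV` check.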

