6 June 2019

New RCE-flaw in Exim impacts almost 60% of email servers worldwide

New RCE-flaw in Exim impacts almost 60% of email servers worldwide

Yesterday we have publish a security bulletin SB2019060505 describing remote code execution vulnerability in Exim MTA. According to the recent survey, Exim is used by 57% (507,389) of all mail servers worldwide.

The flaw affects Exim installations running versions 4.87 to 4.91 and allows local and remote attackers to execute arbitrary commands with execv() call. The major concern in here is that the code will be executed with root privileges.

The vulnerability can be exploited instantly by a local attacker with the access (even having low level account) to an email server. Remote exploitation of this bug requires an attacker to maintain a connection to the vulnerable server for 7 days (by transmitting one byte every few minutes).

It is recommended to install the latest version Exim 4.92 ASAP.

Back to the list

Latest Posts

New Mirai variant hides its C&Cs in Tor network for anonymity

New Mirai variant hides its C&Cs in Tor network for anonymity

The use of Tor network helps the malware operators to conceal its command and control servers and to avoid detection.
1 August 2019
New Android ransomware spreads via malicious posts on Reddit and XDA Developers forums

New Android ransomware spreads via malicious posts on Reddit and XDA Developers forums

After infecting an Android mobile device, Filecoder scans the victim's contact list and sends links on ransomware to all the entries in the list.
31 July 2019
Critical flaws in VxWorks RTOS impact over 2 billion devices, including routers, printers and SCADA

Critical flaws in VxWorks RTOS impact over 2 billion devices, including routers, printers and SCADA

URGENT/11 vulnerabilities pose a serious risk as they allow attackers to take over devices with no user interaction required.
30 July 2019
Featured vulnerabilities
MitM attack in Cisco HyperFlex
Medium Patched | 22 Aug, 2019
Multiple vulnerabilities in Palo Alto PAN-OS
High Patched | 22 Aug, 2019