Exim's Serious Vulnerabilities Expose 4 Million Servers
The popular mail transfer agent (MTA) Exim, widely used on Unix-like systems and pre-installed on many Linux distributions, has been found to have serious vulnerabilities. The Qualys Research Team has discovered 21 unique issues, with 10 being remotely exploitable. Users are urged to apply patches immediately.
Last year, Russian cyber actors known as the Sandworm team targeted Exim vulnerabilities. The latest discovery includes a high-severity use-after-free bug (CVE-2020-28007), found and responsibly disclosed by the Zero Day Initiative (ZDI) in May 2021. This issue can lead to arbitrary code execution. Exim has since released an update (version 4.94) to address this and other vulnerabilities.
The Qualys team confirmed these issues, developed exploits, and coordinated with Exim developers and open-source distributions for responsible disclosure. Some of the vulnerabilities can be chained together to achieve full remote unauthenticated code execution and gain root privileges. With an estimated 60% of internet servers running Exim, nearly 4 million servers are exposed, highlighting the urgent need for patching.
Exim has released a security update addressing multiple vulnerabilities in versions prior to 4.94.2. Successful exploitation allows remote attackers to gain full root privileges and execute commands. Users are advised to apply these patches immediately to protect their systems.