Serviceteam IT Security News
If exploited, the security hole in unpatched versions of Exim could allow attackers to run arbitrary commands on vulnerable mail servers

Exim, the popular mail transfer agent (MTA) software, contains a critical-rated vulnerability that can, in some scenarios, enable remote attackers to run commands of their choice on unpatched mail servers, researchers from Qualys have found.

Tracked under CVE-2019-10149, the remote command execution flaw impacts Exim installations 4.87 through 4.91. The bug was fixed with the latest version (4.92) of the open-source software, albeit, by all accounts, unknowingly. According to Qualys, the issue “was not identified as a security vulnerability” when the latest version was released in February.

The software, which is responsible for transferring messages from one computer to another is, installed on a large chunk of mail servers that are visible online. More than 95 percent of them appear to run one of Exim’s older – and vulnerable – versions.

According to Qualys, the bug could enable attackers to execute commands on a vulnerable Exim server as the root user and effectively take it over.

The vulnerability is “trivially exploitable” by a local attacker, even with a low-privileged account. Perhaps more worryingly, however, remote exploitation is also possible, both in Exim’s default and non-default setup. The silver lining is that things would be more difficult for remote attackers.

“This vulnerability is exploitable instantly by a local attacker (and by a remote attacker in certain non-default configurations). To remotely exploit this vulnerability in the default configuration, an attacker must keep a connection to the vulnerable server open for 7 days (by transmitting one byte every few minutes). However, because of the extreme complexity of Exim’s code, we cannot guarantee that this exploitation method is unique; faster methods may exist”.

Additional details about how the hole in Exim could be exploited are available in the aforementioned advisory.

Meanwhile, Exim’s maintainers said that there is no evidence that the hole is under active exploitation and that the patch “exists already, is being tested, and backported to all versions we released since (and including) 4.87”.

On a different note, dangers faced by mail servers were documented in recent ESET research that dissected the first malware that was specifically designed to target Microsoft Exchange mail servers.

Source: HERE

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!