57% af mail-servere har kritisk sårbarhed

Qualys forskere opdaget en kritisk sårbarhed, som påvirker mere end halvdelen af ​​mailservere.

The problem was detected in the Exim Mail Transfer Agent (MTA) software, som er installeret på mailservere for at levere e-mails fra afsenderen til modtageren.

Ifølge data for juni 2019, Exim er fastsat til 57% (507,389) af alle servere, der findes på internettet. imidlertid, there is information that in fact the number of Exim installations exceeds this number tenfold and is estimated as 5.4 million.

Detected by Qualys experts vulnerabilities affect software versions Fra 4.87 til 4.91. Sårbarheden tillader en fjernbetjening / lokal hacker at lancere kommandoer på mailserveren med superbruger privilegier.

Læs også: Mere end 50,000 MS-SQL og phpMyAdmin servere blev inficeret ved rootkits og minearbejdere

Local attacker, even with the lowest privileges, can exploit it immediately. imidlertid, the most dangerous are remote attackers who scan the Internet for vulnerable servers and are able to take control of vulnerable systems.

For remote exploitation of the default configuration, an attacker must maintain a connection to the vulnerable server for seven days (by sending one byte every few minutes).

“For transmitting one by one for each day (by transmitting one byte every few minutes). imidlertid, we cannot guarantee that this method of exploitation is unique; faster methods may exist”, – admit researchers.

Desuden, they indicate that vulnerability can be exploited remotely not only with the default configuration settings.

The problem was fixed in the version of Exim 4.92, released in February of this year. It is noteworthy that at the time of new software’s version release, vulnerability was not yet known, and it was fixed accidentally. Researchers discovered the problem only during the audit of old Exim versions.

Vulnerability assigned an identifier CVE-2019-10.149, in Qualys, it passes under the nameReturn of the Wizard“.

Kilde: https://www.openwall.com

Om Trojan Killer

Carry Trojan Killer Portable på din memory stick. Vær sikker på, at du er i stand til at hjælpe din pc modstå eventuelle cyber trusler, hvor du går.

Tjek også

MageCart på Heroku Cloud Platform

Forskere har fundet flere MageCart Web Forplove On Heroku Cloud Platform

Forskere ved Malwarebytes rapporteret om at finde flere MageCart web skummere på Heroku cloud-platform …

Android Spyware CallerSpy

CallerSpy spyware masker som en Android chat applikation

Trend Micro eksperter opdagede malware CallerSpy, hvilke masker som en Android chat program og, …

Skriv et svar