Hjem » Nyheter » 57% av post-servere har alvorlig sikkerhetsbrudd

57% av post-servere har alvorlig sikkerhetsbrudd

Qualys researchers discovered a critical vulnerability that affects more than half of mail servers.

The problem was detected in the Exim Mail Transfer Agent (MTA) programvare, which is installed on mail servers for delivering emails from the sender to the addressee.

According to data for June 2019, Exim is set at 57% (507,389) of all servers found on the Internet. derimot, there is information that in fact the number of Exim installations exceeds this number tenfold and is estimated as 5.4 million.

Detected by Qualys experts vulnerabilities affect software versions fra 4.87 til 4.91. Sårbarheten gjør at en ekstern / lokal angriper å lansere kommandoer på mail server med superbruker rettigheter.

Les også: Mer enn 50,000 MS-SQL og phpMyAdmin servere ble smittet av rootkits og gruvearbeidere

Local attacker, even with the lowest privileges, can exploit it immediately. derimot, the most dangerous are remote attackers who scan the Internet for vulnerable servers and are able to take control of vulnerable systems.

For remote exploitation of the default configuration, an attacker must maintain a connection to the vulnerable server for seven days (by sending one byte every few minutes).

“For transmitting one by one for each day (by transmitting one byte every few minutes). derimot, we cannot guarantee that this method of exploitation is unique; faster methods may exist”, – admit researchers.

I tillegg, they indicate that vulnerability can be exploited remotely not only with the default configuration settings.

The problem was fixed in the version of Exim 4.92, released in February of this year. It is noteworthy that at the time of new software’s version release, vulnerability was not yet known, and it was fixed accidentally. Researchers discovered the problem only during the audit of old Exim versions.

LESE  Docker sårbarhet kan lese og skrive filer på verten

Vulnerability assigned an identifier CVE-2019-10149, in Qualys, it passes under the nameReturn of the Wizard“.

Kilde: https://www.openwall.com

[Totalt:0    Gjennomsnitt:0/5]

Om Trojan Killer

Carry Trojan Killer Portable på minnepinne. Vær sikker på at du er i stand til å hjelpe din PC motstå eventuelle cyber trusler uansett hvor du går.

Sjekk også

MageCart på Heroku Cloud Platform

Forskere fant flere MageCart Web Skimmers På Heroku Cloud Platform

Researchers at Malwarebytes reported about finding several MageCart web skimmers on the Heroku cloud platform

Android spyware CallerSpy

CallerSpy spyware masker som en Android-chat program

Trend Micro experts discovered the malware CallerSpy, which masks as an Android chat application and, …

Legg igjen et svar