Researchers discover second critical vulnerability in Exim servers in two months

The second critical vulnerability has been discovered in the popular Exim mail server software that allows remote code execution and access to a system with superuser privileges.

An open source contributor and security researcher with online nick Zerons discovered the vulnerability that later was analyzed by cybersecurity experts at Qualys.

A fix for the vulnerability, as well as a detailed description of it, will be published shortly. In order to prevent attacks using CVE-2019-15846, it is recommended that you upgrade Exim to version 4.92.2 or later.

An exploited user or an attacker who is on the same network as the vulnerable device can exploit the vulnerability. It can also be operated remotely if the server is connected to the Internet.

“Reported as CVE-2019-15846, this security vulnerability only affects Exim servers that accept TLS connections, potentially allowing attackers to access the system at the root level,” sending an SNI ending in a backslash sequence during the initial TLS handshake”, – inform Exim developers.

According to one of Exim developers, Heiko Schlitterman, he and his colleagues became aware of the vulnerability on September 3. The next day, the newsletter subscribers received a notification about the upcoming patch, which will be in the nearest future.

“So far, a full-fledged working exploit for the vulnerability does not exist. However, there is already a primitive PoC exploit, and administrators are strongly advised to install the update as soon as possible”, — said Heiko Schlitterman.

The patch is the largest update since the release of Exim 4.92.1, issued in July this year.

The update also fixed a critical vulnerability (CVE-2019-13917), which allowed remote code execution with superuser rights and non-standard configuration settings.

Just three months ago, Exim also fixed a serious remote command execution vulnerability, tracked as CVE-2019-10149, which was actively used in the wild by various hacker groups to crack vulnerable servers.

Reference:

Exim is a widely used, open source mail transfer agent (MTA) software developed for Unix-like operating systems such as Linux, Mac OSX or Solaris, which runs almost 60% of the internet’s email servers today for routing, delivering and receiving email messages.

Polina Lisovskaya

I works as a marketing manager for years now and loves searching for interesting topics for you

Leave a Reply

Back to top button