Researchers discover second critical vulnerability in Exim servers in two months

A second critical vulnerability has been discovered in the popular Exim mail server software. It allows remote code execution and access to a system with superuser privileges.

An open source contributor and security researcher who goes by the online handle Zerons discovered the vulnerability, which was later analyzed by cybersecurity experts at Qualys.

A fix for the vulnerability, as well as a detailed description of it, will be published shortly. In order to prevent attacks using CVE-2019-15846, it is recommended that you upgrade Exim to version 4.92.2 or later.

A compromised user or an attacker who is on the same network as the vulnerable device can exploit the vulnerability. It can also be exploited remotely if the server is connected to the Internet.

“Reported as CVE-2019-15846, this security vulnerability only affects Exim servers that accept TLS connections, potentially allowing attackers to access the system at the root level by sending an SNI ending in a backslash sequence during the initial TLS handshake,” the Exim developers said.

According to one of the Exim developers, Heiko Schlittermann, he and his colleagues became aware of the vulnerability on September 3. The next day, the newsletter subscribers received a notification about the upcoming patch, which will be released in the near future.

“So far, a full-fledged working exploit for the vulnerability does not exist. However, there is already a primitive PoC exploit, and administrators are strongly advised to install the update as soon as possible,” said Heiko Schlittermann.
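To act on the upgrade advice, an administrator can triage an inventory of mail servers by version and by whether TLS is offered. The following is an added example, not code from the article or from the Exim project; the hostnames, banners and EHLO replies are constructed samples, and it assumes the banner shows the upstream version (distribution packages may backport the fix without changing that string).

```python
import re

FIXED = (4, 92, 2)  # first fixed release named in the article

def exim_version(text):
    """Parse (major, minor, patch) from `exim -bV` output or an SMTP banner."""
    m = re.search(r"\bExim (?:version )?(\d+)\.(\d+)(?:\.(\d+))?", text)
    return tuple(int(g or 0) for g in m.groups()) if m else None

def offers_starttls(ehlo_reply):
    """True if any line of the EHLO reply advertises STARTTLS."""
    return any(re.fullmatch(r"250[- ]STARTTLS", line.strip(), re.I)
               for line in ehlo_reply.splitlines())

def triage(banner, ehlo_reply):
    """Classify one server: patched, exposed, outdated-no-tls or unknown."""
    version = exim_version(banner)
    if version is None:
        return "unknown"  # banner hides the version: check the host directly
    if version >= FIXED:
        return "patched"
    # The article states that only servers accepting TLS are affected.
    # Implicit-TLS listeners do not advertise STARTTLS and need a separate check.
    return "exposed" if offers_starttls(ehlo_reply) else "outdated-no-tls"

# Constructed sample inventory: host -> (greeting banner, EHLO reply).
SAMPLES = {
    "mx1.example.test": (
        "220 mx1.example.test ESMTP Exim 4.92.1 Mon, 09 Sep 2019 10:00:00 +0000",
        "250-mx1.example.test Hello\n250-SIZE 52428800\n250-STARTTLS\n250 HELP"),
    "mx2.example.test": (
        "220 mx2.example.test ESMTP Exim 4.92.2 Mon, 09 Sep 2019 10:00:00 +0000",
        "250-mx2.example.test Hello\n250-STARTTLS\n250 HELP"),
    "mx3.example.test": (
        "220 mx3.example.test ESMTP Exim 4.92 Mon, 09 Sep 2019 10:00:00 +0000",
        "250-mx3.example.test Hello\n250-SIZE 52428800\n250 HELP"),
    "mx4.example.test": (
        "220 mx4.example.test ESMTP ready",
        "250-mx4.example.test Hello\n250-STARTTLS\n250 HELP"),
}

def triage_all(samples=SAMPLES):
    """Return {host: status} for every server in the inventory."""
    return {host: triage(b, e) for host, (b, e) in samples.items()}

if __name__ == "__main__":
    for host, status in triage_all().items():
        print(f"{host:20} {status}")
```

Servers reported as `outdated-no-tls` still need the upgrade; the status only reflects that the article limits this flaw to servers accepting TLS.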

The patch is the largest update since the release of Exim 4.92.1, issued in July this year.

That update also fixed a critical vulnerability (CVE-2019-13917), which allowed remote code execution with superuser rights under non-standard configuration settings.

Just three months ago, Exim also fixed a serious remote command execution vulnerability, tracked as CVE-2019-10149, which was actively exploited in the wild by various hacker groups to compromise vulnerable servers.

Reference:

Exim is a widely used, open source mail transfer agent (MTA) developed for Unix-like operating systems such as Linux, Mac OSX or Solaris. It runs on almost 60% of the internet’s email servers today, routing, delivering and receiving email messages.
