
Researchers discover second critical vulnerability in Exim servers in two months

A second critical vulnerability in two months has been discovered in the popular Exim mail server software. It allows remote code execution and gives the attacker access to the system with superuser (root) privileges.

The vulnerability was found by an open source contributor and security researcher known online as Zerons, and was later analyzed by security experts at Qualys.

A detailed description of the vulnerability will be published shortly. To block attacks using CVE-2019-15846, upgrade Exim to version 4.92.2 or later, which contains the fix.

A local user, or an attacker on the same network as the vulnerable host, can exploit the vulnerability. It can also be exploited remotely if the server accepts connections from the Internet.

“Reported as CVE-2019-15846, this security vulnerability only affects Exim servers that accept TLS connections, potentially allowing attackers to access the system at the root level by sending an SNI ending in a backslash sequence during the initial TLS handshake,” the Exim developers inform.
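The trigger the developers describe, an SNI value ending in a backslash, is something a defender can look for in TLS traffic reaching port 25/465/587 while the upgrade is rolled out. The following is an added example, not code from the article or from the Exim project: it parses a TLS ClientHello far enough to pull out the server_name extension and classifies the SNI, and it includes a small version comparison against the fixed release named above. The ClientHello bytes are constructed inline for the demonstration; the function names and the "trigger/suspicious/ok" verdicts are this example's own.

```python
"""
Added example (not from the article or the Exim project): flag TLS ClientHellos
whose SNI ends in a backslash, the CVE-2019-15846 trigger described in the
Exim advisory, and check an Exim version string against the fixed release.
"""
import struct


def build_client_hello(sni: bytes) -> bytes:
    """Construct a minimal TLS 1.2 ClientHello record carrying one server_name
    extension. Only the fields the parser below needs are realistic; this is
    constructed sample input, not a capture."""
    # server_name extension: list length, name type 0 (host_name), name length, name
    name_entry = b"\x00" + struct.pack("!H", len(sni)) + sni
    sni_list = struct.pack("!H", len(name_entry)) + name_entry
    ext = struct.pack("!HH", 0x0000, len(sni_list)) + sni_list
    extensions = struct.pack("!H", len(ext)) + ext
    body = (
        b"\x03\x03"              # client_version: TLS 1.2
        + b"\x00" * 32           # random (zeroed for the sample)
        + b"\x00"                # session_id length 0
        + b"\x00\x02\xc0\x2f"    # one cipher suite
        + b"\x01\x00"            # one compression method (null)
        + extensions
    )
    # handshake header: type 1 (client_hello) + 3-byte length
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body
    # record header: content type 22 (handshake), legacy version 3.1, length
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def extract_sni(record: bytes):
    """Return the host_name from a ClientHello record's server_name extension,
    or None if the record is not a ClientHello or carries no SNI."""
    if len(record) < 5 or record[0] != 0x16:
        return None
    hs = record[5:5 + struct.unpack("!H", record[3:5])[0]]
    if not hs or hs[0] != 0x01:
        return None
    p = 4 + 2 + 32                                  # header, version, random
    p += 1 + hs[p]                                  # session_id
    p += 2 + struct.unpack("!H", hs[p:p + 2])[0]    # cipher_suites
    p += 1 + hs[p]                                  # compression_methods
    if p + 2 > len(hs):
        return None                                 # no extensions block
    end = p + 2 + struct.unpack("!H", hs[p:p + 2])[0]
    p += 2
    while p + 4 <= end:
        etype, elen = struct.unpack("!HH", hs[p:p + 4])
        p += 4
        edata = hs[p:p + elen]
        p += elen
        if etype == 0x0000 and len(edata) >= 5:
            # list length (2) | name type (1) | name length (2) | name
            name_len = struct.unpack("!H", edata[3:5])[0]
            return edata[5:5 + name_len]
    return None


def classify_sni(sni):
    """'trigger' for the advisory's pattern (SNI ending in a backslash);
    'suspicious' for any other backslash, since DNS hostnames never contain
    one; 'ok' otherwise; 'none' when there is no SNI at all."""
    if sni is None:
        return "none"
    if sni.endswith(b"\\"):
        return "trigger"
    if b"\\" in sni:
        return "suspicious"
    return "ok"


def exim_version_is_fixed(version: str) -> bool:
    """True if an upstream version string such as the one printed by
    `exim -bV` is 4.92.2 or later. Assumes upstream numbering; distribution
    packages may backport the fix without bumping this number."""
    parts = [int(x) for x in version.split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3]) >= (4, 92, 2)


if __name__ == "__main__":
    for sample in (b"mail.example.com", b"mail.example.com\\"):
        sni = extract_sni(build_client_hello(sample))
        print(sample, "->", classify_sni(sni))
    print("4.92.1 fixed:", exim_version_is_fixed("4.92.1"))
```

Run it over ClientHello records pulled from a capture (the first record on each inbound TLS connection to the MTA, or after STARTTLS on port 25) and alert on any "trigger" or "suspicious" verdict. The version check compares upstream numbers only; on a distribution that backports security fixes, confirm the patch through the package changelog rather than the version string.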

According to Heiko Schlittermann, one of the Exim developers, he and his colleagues became aware of the vulnerability on September 3. The next day, subscribers to the project's mailing list were notified that a patch was coming in the near future.

“So far, a full-fledged working exploit for the vulnerability does not exist. However, there is already a primitive PoC exploit, and administrators are strongly advised to install the update as soon as possible,” said Heiko Schlittermann.

The patch is the largest update since Exim 4.92.1, released in July this year.

That release fixed another critical vulnerability, CVE-2019-13917, which allowed remote code execution with superuser rights on servers running non-standard configuration settings.


Just three months ago, Exim also fixed a serious remote command execution vulnerability, tracked as CVE-2019-10149, which was actively exploited in the wild by various hacker groups to compromise vulnerable servers.


Exim is a widely used, open source mail transfer agent (MTA) developed for Unix-like operating systems such as Linux, macOS and Solaris. It runs on almost 60% of the Internet's email servers today, routing, delivering and receiving email messages.
