Multiple critical vulnerabilities in Exim email server software pose RCE risk

Message spool attack threat

Security researchers at Qualys have uncovered a number of security vulnerabilities in Exim, one of the most popular mail transfer agents used for public-facing email servers.

During a full security audit of Exim, the researchers discovered 21 vulnerabilities. Eleven of the vulnerabilities were only exploitable locally, but the remaining 10 may lend themselves to remote exploitation.

Worse still, several of these remotely exploitable issues could be chained together to create a full remote code execution attack, Qualys warns.

Digital paper trail

The issues go back to at least the start of Exim’s Git history, in 2004, so all supported versions of the software need updating.

The vulnerabilities are tracked as CVE-2020-28007 through CVE-2020-28026, plus CVE-2021-27216.


Qualys has demonstrated that three of the flaws pose an unauthenticated RCE risk – a severe class of vulnerability that requires no action from the victim and can result in full system takeover.

The trio of critical security flaws comprises CVE-2020-28020, an integer overflow in receive_msg(); CVE-2020-28018, a use-after-free flaw in tls-openssl.c; and CVE-2020-28021, a new-line injection into the spool header file.
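To make the third bug class concrete, here is an added illustration (not Exim's code, and not a reproduction of CVE-2020-28021) of why an unescaped new line in a value written to a line-oriented header file is dangerous: the parser that later reads the file treats the tail of the value as a separate, attacker-chosen header line. The spool format, the field names and the sample records below are constructed stand-ins; the hardened writer and the audit helper show the checks a defender would want.

```python
"""Constructed model of a new-line injection into a line-oriented spool
header file.  The format ("key: value" per line), the field names and the
sample data are assumptions for this illustration, not Exim's own.
"""
from __future__ import annotations

LINE_TERMINATORS = ("\r", "\n")


def write_spool_unsafe(records: dict[str, str]) -> str:
    """Naive writer: trusts every value and emits one line per record."""
    return "".join(f"{key}: {value}\n" for key, value in records.items())


def write_spool_safe(records: dict[str, str]) -> str:
    """Hardened writer: refuses keys or values that could break the
    line/field structure before anything reaches the file."""
    for key, value in records.items():
        if any(t in key or t in value for t in LINE_TERMINATORS):
            raise ValueError(f"line terminator in header {key!r}")
        if ":" in key:
            raise ValueError(f"field separator in header name {key!r}")
    return write_spool_unsafe(records)


def parse_spool(text: str) -> list[tuple[str, str]]:
    """Line-oriented reader: splits the file back into (key, value) pairs."""
    pairs = []
    for line in text.splitlines():
        if not line:
            continue
        key, _, value = line.partition(": ")
        pairs.append((key, value))
    return pairs


def injected_line_count(records: dict[str, str]) -> int:
    """Number of header lines the reader sees beyond the records written
    by the naive writer; anything above zero means a value smuggled in
    an extra line."""
    return len(parse_spool(write_spool_unsafe(records))) - len(records)


def audit_spool(text: str, allowed_keys: set[str]) -> list[str]:
    """Defender-side check on an existing file: report header names that
    the application never writes, the typical footprint of an injection."""
    return [key for key, _ in parse_spool(text) if key not in allowed_keys]


# Constructed sample: the "auth-id" value carries an embedded new line that
# smuggles a second, attacker-chosen record into the file.
ALLOWED_KEYS = {"auth-id", "sender"}
SAMPLE_RECORDS = {
    "auth-id": "alice\ninjected-flag: yes",
    "sender": "alice@example.test",
}

if __name__ == "__main__":
    unsafe_text = write_spool_unsafe(SAMPLE_RECORDS)
    print("naive writer produced:", parse_spool(unsafe_text))
    print("unexpected headers found by audit:",
          audit_spool(unsafe_text, ALLOWED_KEYS))
    try:
        write_spool_safe(SAMPLE_RECORDS)
    except ValueError as err:
        print("hardened writer rejected the record:", err)
```

Running the block shows the naive writer turning two records into three parsed header lines, the audit helper flagging the stray `injected-flag` name, and the hardened writer refusing the record outright; rejecting line terminators at write time is the fix, while the audit is only a way to spot files that were written before the fix was in place.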

Details of the 21 flaws are covered in a technical blog post by Qualys. A landing page with a walkthrough video has also been released.

Server-side mayhem

Exim mail servers are popular in their class and handle a large volume of internet traffic, making them an attractive target for attackers.


Bharat Jogi, senior manager, vulnerability and threat research at Qualys, commented: “The 21 vulnerabilities we found are critical as attackers can remotely exploit them to gain full root privileges on an Exim system – allowing compromises such as a remote attacker gaining full root privileges on the target server and executing commands to install programs, modify data, create new accounts, and change sensitive settings on the mail servers.

“It’s crucial that users apply patches immediately,” Jogi concluded.

The Daily Swig posed a number of follow-up questions to Qualys about its research. We’ll update this story as and when more information comes to hand.

A recent survey by E-Soft found that three in five (60.7%) of publicly accessible email servers ran Exim, way ahead of its closest rival Postfix. The Exim platform is especially popular as a mail transfer agent package with universities, for example.
