Researcher warns of 400,000 vulnerable mail servers due to leak in Exim

Spread the love

A security researcher warns that 400,000 mail servers are vulnerable due to a leak in the mail transfer agent Exim. A patch is already available for the vulnerability that allows remote code execution.

Researcher Meh Chang writes in a blog post that it is necessary to perform an update if there is a vulnerable version of Exim. That’s all versions prior to 4.90.1, in which the Exim developers introduced a patch after the researcher reported the leak on February 5. This is the most recent version of the software at the time of writing.

According to the researcher, the vulnerability with characteristic CVE-2018-6789 makes it possible to execute remotely without an authentication code. In the blog post, he describes an exploit that targets Exim’s smtp daemon via a buffer overflow.

Exim’s developers have their own post dedicated to the vulnerability. In it, they write that they are not sure how serious the leak is, but that they “believe that performing an exploit is difficult.” There would be no known mitigation. The details of the leak came to light earlier in January.

Exim is a so-called mta, or mail transfer agent, for Unix-like operating systems. The open source software was first released in 1995 and runs on more than half of nearly one million scanned mail servers, according to a March 1 Securityspace report.

You might also like