Researcher warns of 400,000 vulnerable mail servers due to Exim flaw
A security researcher warns that 400,000 mail servers are vulnerable because of a flaw in the mail transfer agent Exim. A patch is already available for the vulnerability, which allows remote code execution.
Researcher Meh Chang writes in a blog post that anyone running a vulnerable version of Exim needs to update. That covers all versions prior to 4.90.1, in which the Exim developers introduced a patch after the researcher reported the flaw on February 5. At the time of writing, 4.90.1 is the most recent version of the software.
According to the researcher, the vulnerability, tracked as CVE-2018-6789, makes it possible to execute code remotely without authentication. In the blog post, he describes an exploit that targets Exim’s SMTP daemon via a buffer overflow.
Exim’s developers have published their own post on the vulnerability. In it, they write that they are not sure how serious the flaw is, but that they “believe that performing an exploit is difficult.” There is reportedly no known mitigation. Details of the flaw had already come to light earlier, in January.
Exim is an MTA, or mail transfer agent, for Unix-like operating systems. The open source software was first released in 1995 and, according to a March 1 Securityspace report, runs on more than half of the nearly one million mail servers that were scanned.