Search the Community
Showing results for tags 'exim'.
mood posted a topic in Security & Privacy NewsCritical 21Nails Exim bugs expose millions of servers to attacks Newly discovered critical vulnerabilities in the Exim mail transfer agent (MTA) software allow unauthenticated remote attackers to execute arbitrary code and gain root privilege on mail servers with default or common configurations. The security flaws (10 remotely exploitable and 11 locally) found and reported by the Qualys Research Team are collectively known a 21Nails. All versions released before Exim 4.94.2 are vulnerable to attacks attempting to exploit the 21Nails vulnerabilitie
Just one week after a previously patched vulnerability in Exim mail servers was disclosed by Qualys, attackers have begun searching out vulnerable Exim systems prompting the Cybersecurity and Infrastructure Security Agency (CISA) to encourage users to update their systems to the latest version. CISA reported the vulnerability CVE-2019-10149 was detected in exploits in the wild and highly recommends Exim users employ the update. The vulnerability affects versions 4.87 to 4.91 allows a local, or in some cases, a remote attacker to execv as root, with no memor