Exim vulnerability being exploited in the wild

Just one week after a previously patched vulnerability in Exim mail servers was disclosed by Qualys, attackers have begun searching out vulnerable Exim systems, prompting the Cybersecurity and Infrastructure Security Agency (CISA) to encourage users to update their systems to the latest version.




CISA reported that the vulnerability, CVE-2019-10149, was detected in exploits in the wild and highly recommends that Exim users employ the update. The vulnerability affects versions 4.87 to 4.91 and allows a local or, in some cases, a remote attacker to execv as root, with no memory corruption or return-oriented programming involved. While the vulnerability can be exploited instantly, a rather odd set of circumstances must be created and sustained. All the affected versions of Exim are vulnerable by default.


Version 4.92, issued on February 10, 2019, includes a patch to fix the issue, with Tenable estimating 4.1 million servers remain vulnerable.


“Security researchers have observed active exploitation in the wild, one of which includes an attack resulting in permanent root access to vulnerable systems via SSH. It is critically important for those running Exim to upgrade to version 4.92 or apply the backported fix to vulnerable versions in order to prevent these newly discovered attacks from succeeding,” said Satnam Narang, senior research engineer with Tenable.


One reason so many Exim users may not have updated was awareness. The patch for CVE-2019-10149 was included in version 4.92, but was not labeled as a security issue, as Exim does not issue separate security updates.


