The team behind the Exim mail server software recommends all users to install the latest patches as soon as possible. The patches fix 21 critical vulnerabilities.
The vulnerabilities were found by security company Qualys, which explains its findings in a blog post. The 21 different vulnerabilities allowed attackers to execute their own code on a cracked server and gain root access. This paved the way for installing programs, modifying data and creating new accounts. Ten of these vulnerabilities could be exploited remotely, the other eleven only with local access. Almost all of the vulnerabilities had been present in the software since the first version of Exim that Qualys was able to find in the software’s Git history in 2004.
Millions of servers are vulnerable
Exim is a popular mail transfer agent (MTA) that is installed by default on several Linux distributions, including Debian. As a result, the software is used by a huge number of people. It is estimated that 60 percent of the mail servers run on Exim and that four million of these servers are accessible via the Internet. The fact that many of these servers are connected to the internet through open ports makes them interesting targets for attackers. This was demonstrated recently, when four vulnerabilities in Microsoft Exchange Server were discovered, which gave attackers access to the many thousands of mail servers that use this software.
Users urged to install patches
Fortunately, Qualys appears to be the first to have found the vulnerabilities in Exim. The security company has informed the developers of Exim about the vulnerabilities, and they have since released a patch. This patch has been incorporated in version 4.94.2 of the software. The developers indicate that with the availability of this update, all previous versions of Exim are now obsolete.