Broadway

Complete News World

Exim: A vulnerability puts many mail servers at risk, and a patch has been published

A security vulnerability in the Exim mail program threatens millions of servers around the world. Attackers can exploit the vulnerability to execute malicious code on third-party systems. A bug fix has now been uploaded, which should close the vulnerability in the near future.

The vulnerability is tracked as CVE-2023-42115 and has a CVSS score of 9.8. It was discovered by an anonymous security researcher and published via the Zero Day Initiative. The bug gives attackers the opportunity to run their own code on vulnerable servers, and they do not have to authenticate beforehand.

Because the SMTP service does not validate requests properly, a buffer overflow may occur. This means that almost any code can be executed with the privileges of the application. The vulnerability was reported to the responsible developers in June and was disclosed a few days ago.

Millions of Exim servers can be found on the Internet

According to Bleeping Computer, servers running mail transfer agents (MTAs) are vulnerable targets because the systems are usually connected directly to the public Internet. Attackers hijack such servers to gain access to internal company networks. Shodan research shows that more than 3.5 million Exim servers are currently accessible. The majority of these systems are hosted in the United States. Approximately 160,000 servers are currently online in Germany.

The Exim developer has now responded to the issue and confirmed the availability of a protected repository with bug fixes. Since Exim is the standard MTA software in many Linux distributions, operating system developers have to adopt the patches and roll out updates themselves. Until the update arrives, administrators must restrict requests to the application.

Summary

  • A security vulnerability in the Exim mail program threatens millions of servers around the world.
  • The vulnerability (CVE-2023-42115) allows malicious code to execute.
  • The vulnerability was discovered by an anonymous researcher and published via the Zero Day Initiative.
  • Over 3.5 million Exim servers are accessible worldwide, including approximately 160,000 servers in Germany.
  • Bug fixes are provided, and operating system developers need to roll out updates.
