Linux Mail Server Takeovers

23/07/2021

A veritable cornucopia of security vulnerabilities in the Exim mail server have been uncovered, some of which could be chained together for unauthenticated remote code execution (RCE), gaining root privileges and worm-style lateral movement, according to researchers.

The Qualys Research Team has discovered a whopping 21 bugs in the popular mail transfer agent (MTA), which was built to send and receive email on major Unix-like operating systems. It comes pre-installed on Linux distributions such as Debian.

“Exim Mail Servers are used so widely and handle such a large volume of the internet’s traffic that they are often a key target for hackers,” Jogi said, noting that last year, a vulnerability in Exim was a target of the Russian advanced persistent threat (APT) known as Sandworm.

He added, “The 21 vulnerabilities we found are critical as attackers can remotely exploit them to gain complete root privileges on an Exim system – allowing compromises such as a remote attacker gaining full root privileges on the target server and executing commands to install programs, modify data, create new accounts and change sensitive settings on the mail servers. It’s imperative that users apply patches immediately.”

Qualys researchers wrote and tested the patches, Jogi told Threatpost; and the “official” patches from Exim are modified versions of those (those interested can review both for reference and comparison). Exim provided packagers and maintainers (including distros@openwall) with access to its security Git repository for updates.

Source: Threat Post