Millions of Exim servers are exposed to a security flaw that can allow attackers to execute malicious code with root privileges.
All Exim servers running version 4.92.1 and earlier are vulnerable, the Exim team said. Version 4.92.2, released on Friday, September 6, addresses the problem.
The problem may not seem significant to many, but Exim is one of the most widely deployed pieces of software today. Exim is a mail transfer agent (MTA), that is, software that runs in the background on e-mail servers. While e-mail servers send and receive messages, they also act as a "relay" for other people's e-mail. That relaying is essentially the MTA's job.
Exim is the most widely used MTA today, with a market share of over 57%, according to a June 2019 survey. Its success can be attributed to its being bundled with a multitude of Linux distributions, from Debian to Red Hat.
Vulnerability
If an Exim server is configured to accept incoming TLS connections, an attacker can send a malicious backslash-null sequence appended to the end of the SNI (Server Name Indication) field of the TLS handshake and execute malicious code with root privileges.
The issue was reported in early July by a security researcher known as Zerons and has been fully resolved by the Exim team.
The secrecy was justified by how easily the vulnerability could be exploited, the root access it grants, and the large number of vulnerable servers.
Reliable sources put the number of Exim servers running version 4.92.1 and earlier (i.e., vulnerable versions) at over 5.2 million.
Server owners can mitigate this vulnerability, registered as CVE-2019-15846, by disabling TLS support on the Exim server. However, this is not a permanent or fully safe solution, as it leaves e-mail traffic in cleartext and exposes it to sniffing attacks and surveillance.
This mitigation is not recommended for Exim operators in the EU, as it can expose their companies to data leaks and hefty GDPR fines.
It is worth noting, however, that Exim installations do not enable TLS support by default. Nevertheless, the Exim packages included in Linux distributions do ship with TLS enabled by default. Since most server administrators use OS images and few install Exim manually from the upstream download, most Exim instances are probably vulnerable.
In addition, Exim servers bundled with cPanel, a popular web hosting control panel, also support TLS by default. The good news is that cPanel's developers have integrated the Exim patch directly into a cPanel update.
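The two facts an administrator needs in order to triage a host against this flaw are the installed Exim version (4.92.1 and earlier is affected, 4.92.2 is fixed) and whether the server actually advertises TLS. The following script is an added example written for this article, not code from the Exim project or from the article's author; it parses constructed sample output modelled on `exim -bV` and `exim -bP tls_advertise_hosts` (the exact wording on a real host may differ, which is an assumption) and reports whether the host needs the upgrade.

```python
import re
import subprocess

# Constructed sample output modelled on what `exim -bV` prints on a
# distribution package build (assumed format, not captured from a real host).
SAMPLE_BV_OUTPUT = """Exim version 4.92.1 #2 built 05-Jul-2019 11:23:15
Copyright (c) University of Cambridge, 1995 - 2018
(c) The Exim Maintainers and contributors in various places, 2015 - 2018
Support for: crypteq iconv() IPv6 GnuTLS TLS_resume DKIM DNSSEC
"""

# Constructed sample output of `exim -bP tls_advertise_hosts` (assumed format):
# a non-empty host list means TLS is advertised to those peers.
SAMPLE_BP_TLS_ENABLED = "tls_advertise_hosts = *\n"
SAMPLE_BP_TLS_DISABLED = "tls_advertise_hosts = \n"

# First release that carries the fix for CVE-2019-15846, per the article.
FIXED_VERSION = (4, 92, 2)


def parse_exim_version(bv_output):
    """Extract the dotted version from `exim -bV` output as a tuple of ints."""
    m = re.search(r"Exim version (\d+(?:\.\d+)*)", bv_output)
    if not m:
        raise ValueError("could not find an Exim version string")
    return tuple(int(part) for part in m.group(1).split("."))


def version_is_vulnerable(version):
    """True for every release older than 4.92.2 (4.92.1 and earlier)."""
    # Pad short versions so that 4.92 compares as 4.92.0.
    padded = tuple(version) + (0,) * (3 - len(version))
    return padded < FIXED_VERSION


def tls_is_advertised(bp_output):
    """True when tls_advertise_hosts is set to a non-empty host list."""
    m = re.search(r"^tls_advertise_hosts\s*=\s*(.*)$", bp_output, re.MULTILINE)
    if not m:
        return False
    return m.group(1).strip() != ""


def assess(bv_output, bp_output):
    """Combine version and TLS checks into a single triage verdict."""
    version = parse_exim_version(bv_output)
    vulnerable = version_is_vulnerable(version)
    tls = tls_is_advertised(bp_output)
    if not vulnerable:
        status = "patched"
    elif tls:
        status = "vulnerable: TLS advertised, upgrade to 4.92.2 immediately"
    else:
        status = "vulnerable version, TLS not advertised: upgrade to 4.92.2"
    return {
        "version": ".".join(str(p) for p in version),
        "vulnerable_version": vulnerable,
        "tls_advertised": tls,
        "status": status,
    }


def assess_local_host():
    """Run the real commands on this host (requires Exim to be installed)."""
    bv = subprocess.run(["exim", "-bV"], capture_output=True, text=True).stdout
    bp = subprocess.run(["exim", "-bP", "tls_advertise_hosts"],
                        capture_output=True, text=True).stdout
    return assess(bv, bp)


if __name__ == "__main__":
    # Offline demonstration on the constructed samples.
    print(assess(SAMPLE_BV_OUTPUT, SAMPLE_BP_TLS_ENABLED))
    print(assess(SAMPLE_BV_OUTPUT, SAMPLE_BP_TLS_DISABLED))
```

Run it as-is to see the verdicts for the constructed samples, or call `assess_local_host()` on a mail server to check the real installation. Note that a host whose version is vulnerable is still reported as needing the upgrade even when TLS is not advertised, because disabling TLS is only the stopgap the article describes, not the fix.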
Security experts warn that this Exim flaw will be exploited immediately.