
Millions of Exim servers give root access to hackers. How?

Millions of Exim servers are vulnerable to a security flaw that can allow attackers to execute malicious code with root privileges.

All Exim servers running version 4.92.1 and earlier are vulnerable, the Exim team said. Version 4.92.2 was released on Friday, September 6, to address the problem.


The problem may not seem significant to many, but Exim is one of the most widespread pieces of software today. Exim is a mail transfer agent (MTA), that is, software running in the background of e-mail servers. While email servers often send or receive messages, they also act as a "relay" for other people's emails. This is basically the job of the MTA.

Exim is the most widely used MTA today, with a market share of over 57%, according to a June 2019 survey. Its success can be attributed to the fact that it has been bundled with a multitude of Linux distributions, from Debian to Red Hat.


Vulnerability

If the Exim server is configured to accept incoming TLS connections, an attacker can send a malicious backslash-null sequence attached to the end of an SNI packet and execute malicious code with root privileges.

The issue was reported in early July by a security researcher named Zerons and has been completely resolved by the Exim team.

The secrecy was justified by how easily the vulnerability could be exploited, the root access it grants, and the large number of vulnerable servers.

Reliable sources report over 5.2 million Exim servers running version 4.92.1 and earlier (i.e., vulnerable versions).


Server owners can mitigate this vulnerability, registered as CVE-2019-15846, by disabling TLS support for the Exim server. However, this may not be a permanent and 100% secure solution, as it exposes email traffic in cleartext and makes it vulnerable to sniffing attacks and surveillance.

This mitigation is not recommended for Exim operators based in the EU, as it can expose their companies to data leaks and hefty GDPR fines.


It is worth noting, however, that Exim installations do not have TLS support enabled by default. However, the Exim builds included in Linux distros ship with TLS enabled by default. As most server administrators use OS images and few download Exim manually, most Exim instances are probably vulnerable.

In addition, Exim servers with cPanel, a popular web hosting software, also support TLS by default. The good news is that the cPanel developers have integrated the Exim patch directly into a cPanel update.

Security experts warn that Exim's security flaw will be immediately exploited.
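A triage sketch for the two conditions the article gives (version 4.92.1 or earlier, and TLS accepted), added here as an example and not taken from the article or the Exim project. The function names and the sample transcripts are constructed, and the greeting format is assumed to be Exim's default banner.

```python
import re

FIXED = (4, 92, 2)  # first fixed release, per the article

# Matches an SMTP greeting ("ESMTP Exim 4.92.1 ...") as well as
# `exim -bV` output ("Exim version 4.92.1 #3 built ...").
_VERSION_RE = re.compile(r"\bExim (?:version )?(\d+)\.(\d+)(?:\.(\d+))?")


def parse_exim_version(text):
    """Return (major, minor, patch), or None when no version is visible."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    return tuple(int(g) if g else 0 for g in m.groups())


def advertises_starttls(ehlo_reply):
    """True if a 250 line of the EHLO reply offers STARTTLS.
    Implicit TLS on port 465 does not appear in a plaintext EHLO reply."""
    return any(re.match(r"250[- ]STARTTLS\s*$", line.strip(), re.I)
               for line in ehlo_reply.splitlines())


def triage(transcript):
    """Classify one captured greeting + EHLO reply."""
    version = parse_exim_version(transcript)
    if version is None:
        return "unknown: banner hides the version, check the installed package"
    if version >= FIXED:
        return "patched"
    if advertises_starttls(transcript):
        return "vulnerable: upgrade to 4.92.2 or later"
    return "unpatched: STARTTLS not offered here, upgrade anyway"


# Constructed sample transcripts (hypothetical hosts, not real captures).
SAMPLES = {
    "mx1": "220 mx1.example.test ESMTP Exim 4.92.1 Mon, 09 Sep 2019 10:00:00 +0000\r\n"
           "250-mx1.example.test Hello\r\n250-SIZE 52428800\r\n250-STARTTLS\r\n250 HELP\r\n",
    "mx2": "220 mx2.example.test ESMTP Exim 4.92.2 Mon, 09 Sep 2019 10:00:00 +0000\r\n"
           "250-mx2.example.test Hello\r\n250-STARTTLS\r\n250 HELP\r\n",
    "mx3": "220 mx3.example.test ESMTP Exim 4.92 Mon, 09 Sep 2019 10:00:00 +0000\r\n"
           "250-mx3.example.test Hello\r\n250 HELP\r\n",
    "mx4": "220 mx4.example.test ESMTP ready\r\n250-mx4.example.test Hello\r\n250 HELP\r\n",
}

if __name__ == "__main__":
    for host, transcript in SAMPLES.items():
        print(host, "->", triage(transcript))
```

Distribution packages can carry a backported fix without changing the upstream version string, so a "vulnerable" result from the banner should be confirmed against the distro's package changelog.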

The author allows you to copy this text only if you cite the source (SecNews.gr) with a live URL to the article.
Updated by Hack Unamatata
