Friday, January 22, 16:46
Home security Millions of Exim servers give root access to hackers. How;

Millions of Exim servers give root access to hackers. How;

Millions of Exim servers are vulnerable to one security error which can enable attackers to execute malicious code with root privileges.

All Exim servers that are running 4.92.1 version before they are vulnerable, said team of Exim. OR 4.92.2 version released on Friday, September 6, to address the problem.

Exim servers

The problem may not seem significant to many, but Exim is one of the most widespread today software. Exim is a mail transfer agent (MTA), that is, software running in the background of e-mail servers. While email servers often send or receive messages, they also act as a "transponder" for other people's emails. This is basically the job of the MTA.

Exim is the most widely used MTA today, with a market share of over 57%, according to a June 2019 survey. Its success can be attributed to the fact that it has been combined with a multitude of distributions Linux, from Debian until the Red Hat.

Exim servers


If the Exim server is configured to accept incoming connections TLS, One hacker it can send a malicious backslash-null sequence attached to the end of an SNI package and execute malicious code with root privileges.

The issue was reported in early July by a security researcher named Zerons and has been completely resolved by the Exim team.

The secrecy was justified because of how easily it could be done exploit vulnerability, root access and due to the large number of vulnerable servers.

Valid sources refer to over 5,2 millions of Exim servers running 4.92.1 and above (ie, vulnerable versions).


Server owners can mitigate this vulnerability - registered as CVE-2019-15846 - by disabling TLS support for the Exim server. However, this can not be a permanent and 100% safe solution, as he states email traffic cleartext and makes it vulnerable to sniffing attacks and surveillance.

This mitigation is not recommended for Exim owners living in the EU, as it can expose their companies to data leaks and nasty fines for GDPR.


It is worth noting, however, that by default, Exim installations do not have default TLS support. Nevertheless, there are Exim included in Linux distros and offer TLS enabled by default. As most server administrators use OS images and few manually execute the Exim download process, most Exim cases are probably vulnerable.

In addition, Exim servers with cPanel, a popular web hosting software, also support TLS by default. The good news is that its creators cPanel directly integrated the Exim patch into a cPanel update.

Security experts warn that Exim's security flaw will be immediately exploited.


Please enter your comment!
Please enter your name here


Bitcoin helps the middle class survive the pandemic

Regulators still imply that Bitcoin is just a tool for criminals, but it seems that for the middle class ...

Lightworks 2021.1 for Linux, Mac and Windows has been released

Lightworks Professional Multi-Platform Video Editing Software received the first major update to Lightworks 2021.1 for Windows, Linux and Mac.

Netflix: Watch the 9 best Anime movies of all time

One of the good things about the pandemic was that many people were introduced to the anime world. And the issue with anime is ...

CHwapi: Windows BitLocker "hit" the Belgian hospital!

The CHwapi hospital in Belgium was attacked by a cyber attack on January 17, with hackers claiming to have encrypted 40 servers and 100 ...

CPU / GPU Lotteries: Newegg sells the few on the market

Hardware shortages are not uncommon, but the pandemic has worsened the situation. The whole planet is closed to ...

United Kingdom: Malware infects laptops delivered to students

In the context of e-learning implemented in many countries since the outbreak of the COVID-19 pandemic, governments are distributing the necessary equipment ...

iOS 14.4: Anti-tracking feature released to developers

Apple yesterday released to developers "Release Candidates" for iOS 14.4 and the corresponding iPad. It is probably the last step ...

Sophos: "Iranian company behind MrbMiner crypto-mining botnet"!

Cybersecurity company Sophos says it has uncovered links between MrbMiner crypto-mining botnet operators and a small Iranian development company ...

A minor sued Twitter for not removing child pornography material

According to court documents, Twitter received a lawsuit as it allegedly refused to remove child pornography content from its site ....

Microsoft Edge will notify you if your password is compromised

A new built-in password generator and a possibility to monitor the credentials that have leaked to Windows and macOS systems, is released by ...