Friday, January 22, 08:30

New critical vulnerability puts Exim mail servers at risk

Researchers have discovered a critical vulnerability in the Exim e-mail server software. The vulnerability could allow attackers to break into the victim's system remotely and execute malicious code on the servers.

Exim email server administrators have released an emergency security update, Exim version 4.92.3. All versions from 4.92 to 4.92.2 are vulnerable.

Exim is a very popular open-source mail transfer agent (MTA). It is designed for Unix-like operating systems, such as Linux, Mac OSX or Solaris. It runs on almost 60% of e-mail servers.

Exim administrators also issued another emergency security update early in the month to fix a critical vulnerability (CVE-2019-15846), which also allowed remote code execution. Through it, hackers could gain administrator rights on the victim's system.

The new vulnerability is tracked as CVE-2019-16928 and was discovered by Jeremy Harris of the Exim research team. It is a heap-based buffer overflow vulnerability.

Attackers could take advantage of the vulnerability to carry out a remote denial-of-service attack or run malicious code on the Exim mail server.

A few months ago, another Exim vulnerability (CVE-2019-10149) was found, which hackers used to attack vulnerable servers. Exim administrators made sure to fix the error as soon as they discovered its existence.

It seems that Exim is quite prone to security bugs that hackers are willing to exploit. Users and server administrators should install the latest version of Exim, 4.92.3, as soon as possible to address the security issue and avoid endangering their systems.

Administrators have released the security update for Linux distributions, including Ubuntu, Arch Linux, Fedora, FreeBSD and Debian.
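The version range given above (4.92 through 4.92.2 affected, 4.92.3 fixed) can be checked against the banner that `exim -bV` prints. The following shell sketch is an added example, not code from the Exim project or the original article; the function names, result labels and sample banners are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare an Exim version with the CVE-2019-16928 range
# stated in the article (4.92 through 4.92.2 affected, 4.92.3 fixed).
# Caveat: distribution packages can carry a backported fix while still
# reporting an older upstream version, so an "in-affected-range" result
# should be confirmed against the distribution's package changelog.

# Extract "X.Y" or "X.Y.Z" from the first line of `exim -bV` output,
# which has the form "Exim version 4.92.2 #3 built ...".
exim_version_from_banner() {
    printf '%s\n' "$1" | sed -n '1s/^Exim version \([0-9][0-9.]*\).*/\1/p'
}

# Prints in-affected-range, outside-range or unknown.
# Only the CVE-2019-16928 range is evaluated, not the earlier CVEs.
classify_exim_version() {
    ver=$1
    case $ver in
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;;
    esac
    # Split on dots; a missing patch level (plain "4.92") counts as 0.
    old_ifs=$IFS; IFS=.
    set -- $ver
    IFS=$old_ifs
    major=$1 minor=${2:-0} patch=${3:-0}
    if [ "$major" -eq 4 ] && [ "$minor" -eq 92 ] && [ "$patch" -le 2 ]; then
        echo in-affected-range
    else
        echo outside-range
    fi
}

# Constructed sample banners (not captured from real hosts).
for banner in \
    "Exim version 4.92 #2 built 01-Jan-2019 00:00:00" \
    "Exim version 4.92.2 #3 built 01-Jan-2019 00:00:00" \
    "Exim version 4.92.3 #1 built 01-Jan-2019 00:00:00" \
    "not an exim banner"
do
    v=$(exim_version_from_banner "$banner")
    printf '%-10s %s\n' "${v:-?}" "$(classify_exim_version "$v")"
done
```

On a live host, pass the first line of `exim -bV` (the binary is named `exim4` on some distributions) to `exim_version_from_banner` instead of the sample strings.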


Absent Mia