Researchers have discovered a critical vulnerability in the Exim e-mail server software. The flaw could allow attackers to compromise a victim's system remotely and execute malicious code on the server.
The Exim maintainers have released an emergency security update, Exim version 4.92.3. All versions from 4.92 to 4.92.2 are vulnerable.
Exim is a very popular open-source mail transfer agent (MTA). It is designed for Unix-like operating systems such as Linux, Mac OS X or Solaris, and it runs on almost 60% of e-mail servers.
The Exim maintainers also issued another emergency security update earlier in the month to fix a critical vulnerability (CVE-2019-15846) that likewise allowed remote code execution. Through it, attackers could gain administrator rights on the victim's system.
The new vulnerability is tracked as CVE-2019-16928 and was discovered by Jeremy Harris of the Exim development team. It is a heap-based buffer overflow.
A few months ago, another Exim vulnerability (CVE-2019-10149) was found, and it was exploited by attackers against vulnerable servers. The Exim maintainers fixed that bug as soon as they learned of its existence.
Exim appears to be a frequent target for security bugs that attackers are willing to exploit. Users and server administrators should install the latest version of Exim, 4.92.3, as soon as possible to address the issue and avoid leaving their systems exposed.
Packaged security updates have been released for distributions including Ubuntu, Arch Linux, Fedora, FreeBSD and Debian.
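As an added defender-side check (example code, not from the article or the Exim project), the script below parses the version line that `exim -bV` prints and flags installs whose upstream version falls in the range the article names, 4.92 through 4.92.2. The sample outputs are constructed.

```python
import re
import subprocess

# Vulnerable range for CVE-2019-16928 as stated in the article: 4.92 through 4.92.2.
VULN_MIN = (4, 92, 0)
VULN_MAX = (4, 92, 2)

# `exim -bV` begins with a line like "Exim version 4.92.2 #3 built 24-Sep-2019 ...";
# the third component is absent for a plain "4.92" release.
VERSION_RE = re.compile(r"Exim version (\d+)\.(\d+)(?:\.(\d+))?")


def parse_exim_version(bv_output: str):
    """Return (major, minor, patch) from `exim -bV` output, or None if not found."""
    m = VERSION_RE.search(bv_output)
    if not m:
        return None
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def is_vulnerable(version) -> bool:
    """True if the upstream version lies inside the range the advisory names."""
    return VULN_MIN <= version <= VULN_MAX


def assess(bv_output: str) -> str:
    """Classify one `exim -bV` output: 'vulnerable', 'not-in-range' or 'unknown'."""
    version = parse_exim_version(bv_output)
    if version is None:
        return "unknown"
    return "vulnerable" if is_vulnerable(version) else "not-in-range"


def assess_local_exim() -> str:
    """Run `exim -bV` on this host and classify it; 'unknown' if exim is absent."""
    try:
        out = subprocess.run(["exim", "-bV"], capture_output=True, text=True, timeout=10)
    except (OSError, subprocess.TimeoutExpired):
        return "unknown"
    return assess(out.stdout)


# Constructed sample outputs in the format of the first line of `exim -bV`.
SAMPLES = {
    "4.92.2 build": "Exim version 4.92.2 #3 built 24-Sep-2019 10:12:31\nCopyright (c) University of Cambridge\n",
    "4.92.3 build": "Exim version 4.92.3 #2 built 30-Sep-2019 08:01:17\n",
    "4.91 build": "Exim version 4.91 #1 built 15-Apr-2018 12:00:00\n",
}

if __name__ == "__main__":
    for name, out in SAMPLES.items():
        print(f"{name}: {assess(out)}")
    print(f"local exim: {assess_local_exim()}")
```

Distribution packages often backport the fix without changing the upstream version string, so treat a "vulnerable" result as a prompt to check the package changelog rather than as a confirmed finding.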