Researchers at security biz Qualys discovered 21 vulnerabilities in
Exim, a popular mail server, which can be chained to obtain "a full
remote unauthenticated code execution and gain root privileges on the
The Qualys researchers have now reported on 21 critical vulnerabilities discovered via a code audit, 10 of which can be exploited remotely.
A proof of concept video shows an exploit (developed by Qualys but not
publicly available) in action. "To run the exploit, all we need to do is
point it to the target Exim server IP endpoint," explained researcher
Bharat Jogi. The exploit starts with a use after free bug (where memory
is referenced after it has been freed), then discovers where Exim's configuration resides in memory, and modifies it to "execute an
This opens a Netcat shell, at which point the attacker has a local
terminal as the Exim user. A further vulnerability allows the attacker
to take ownership of any file on the system, because part of the Exim
code runs as root. Ownership of the system password file then gives the
user full root privileges.
That's for starters. And these SOME of these bug-holes have BEEN THERE
FOR A LONG TIME.
"Most of the vulnerabilities are longstanding, the researchers say, with
some going back to the beginning of its Git history (the Exim source
* OUCH * !!!
Debian and derivations use Exim as the mail server by default. If you
are running Exim on your Debian-based distro, you should patch it
IMMEDIATELY, particularly if it listens for incoming mail traffic.
(otherwise you may find your system spreading and serving up malware and
spam and who knows what else...)
"Debian released a security advisory yesterday for its current stable distribution, Buster. At the time of writing, the packages for Debian 9 (Stretch), which is end of life but in long term support, had not yet
been updated. All Exim versions before Exim 4.94.2 are vulnerable."
Get that? ALL EXIM VERSIONS BEFORE 4.94.2 ARE VULNERABLE!!! (check your versions)
(aka 'Bombastic Bob' in case you wondered)
'Feeling with my fingers, and thinking with my brain' - me
'your story is so touching, but it sounds just like a lie'
"Straighten up and fly right"
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)