• serious vulns in Exim, remotely exploitable

    From Big Bad Bob@21:1/5 to All on Wed May 5 10:50:09 2021

    Researchers at security biz Qualys discovered 21 vulnerabilities in
    Exim, a popular mail server, which can be chained to obtain "a full
    remote unauthenticated code execution and gain root privileges on the
    Exim Server."

    The Qualys researchers have now reported on 21 critical vulnerabilities
    discovered via a code audit, 10 of which can be exploited remotely.

    A proof of concept video shows an exploit (developed by Qualys but not
    publicly available) in action. "To run the exploit, all we need to do is
    point it to the target Exim server IP endpoint," explained researcher
    Bharat Jogi. The exploit starts with a use after free bug (where memory
    is referenced after it has been freed), then discovers where Exim's
    configuration resides in memory, and modifies it to "execute an
    arbitrary command."

    This opens a Netcat shell, at which point the attacker has a local
    terminal as the Exim user. A further vulnerability allows the attacker
    to take ownership of any file on the system, because part of the Exim
    code runs as root. Ownership of the system password file then gives the
    user full root privileges.

    That's for starters. And SOME of these bug-holes have BEEN THERE

    "Most of the vulnerabilities are longstanding, the researchers say, with
    some going back to the beginning of its Git history (the Exim source
    code repository)."

    * OUCH * !!!

    Debian and derivations use Exim as the mail server by default. If you
    are running Exim on your Debian-based distro, you should patch it
    IMMEDIATELY, particularly if it listens for incoming mail traffic.

    (otherwise you may find your system spreading and serving up malware and
    spam and who knows what else...)

    "Debian released a security advisory yesterday for its current stable
    distribution, Buster. At the time of writing, the packages for Debian 9
    (Stretch), which is end of life but in long term support, had not yet
    been updated. All Exim versions before Exim 4.94.2 are vulnerable."

    Get that? ALL EXIM VERSIONS BEFORE 4.94.2 ARE VULNERABLE!!! (check your
    versions)

    (aka 'Bombastic Bob' in case you wondered)

    'Feeling with my fingers, and thinking with my brain' - me

    'your story is so touching, but it sounds just like a lie'
    "Straighten up and fly right"

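
Added example, not part of the original post: a POSIX shell check for the "check your versions" step, comparing the upstream version on the first line of `exim -bV` output against 4.94.2. The function names and sample banners are constructed for illustration. Distro packages can backport fixes without changing the upstream version number, so an "older" result means the vendor's security advisory for that package still has to be checked.

```sh
#!/bin/sh
# Added example: flag Exim builds older than 4.94.2, the fixed release named in the post.
FIXED="4.94.2"

# Extract the upstream version from `exim -bV` output,
# e.g. "Exim version 4.92 #3 built ..." -> "4.92". Prints nothing if no match.
exim_version_from_banner() {
    printf '%s\n' "$1" | sed -n 's/^Exim version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Return 0 if dotted version $1 is strictly older than $2.
# Missing components count as 0, so 4.94 sorts before 4.94.2.
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        case $a in *.*) x=${a%%.*}; a=${a#*.} ;; *) x=${a:-0}; a="" ;; esac
        case $b in *.*) y=${b%%.*}; b=${b#*.} ;; *) y=${b:-0}; b="" ;; esac
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1   # equal versions are not "older"
}

# Classify one banner. Returns 0 = at or after FIXED, 1 = older, 2 = unparsed.
check_banner() {
    v=$(exim_version_from_banner "$1")
    [ -n "$v" ] || { echo "could not parse an Exim version"; return 2; }
    if version_lt "$v" "$FIXED"; then
        echo "Exim $v: older than $FIXED, confirm the package carries the fixes"
        return 1
    fi
    echo "Exim $v: at or after $FIXED"
}

# Constructed sample banners (not captured from real hosts).
for banner in "Exim version 4.92 #3 built 01-Jan-2021 00:00:00" \
              "Exim version 4.94.2 #2 built 01-Jun-2021 00:00:00"; do
    check_banner "$banner" || true
done
# On a host that runs Exim: check_banner "$(exim -bV 2>/dev/null)"
```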