
Millions of Exim servers vulnerable to root-granting exploit

September 8, 2019

Image: Krzysztof Kowalik

Millions of Exim servers are vulnerable to a security bug that, when exploited, can grant attackers the ability to run malicious code with root privileges.

All Exim servers running version 4.92.1 and before are vulnerable, the Exim team said in an advisory this week. Version 4.92.2 was released on Friday, September 6, to address the issue.

The issue might seem unimportant to many, but Exim is one of the most prevalent pieces of software today. Exim is a mail transfer agent (MTA), software that runs in the background of email servers. While email servers often send or receive messages, they also act as relays for other people’s emails. This is the MTA’s job.

Exim is the most prevalent MTA today, with a market share of over 57%, according to a June 2019 survey. Its success can be attributed to the fact that it’s been bundled with a slew of Linux distros, from Debian to Red Hat.

But this Friday, the Exim team warned of a critical exploit in its software. If the Exim server is configured to accept incoming TLS connections, an attacker can send a malicious backslash-null sequence attached to the end of an SNI packet and run malicious code with root privileges.

Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash.

🤦‍♂️🤦‍♀️🤦‍♂️🤦‍♀️🤦‍♂️🤦‍♀️ https://t.co/zpx3ZtQMLw

— Bad Packets Report (@bad_packets) September 6, 2019

The issue was reported in early July by a security researcher named Zerons, and has been patched in the utmost secrecy by the Exim team.

The secrecy was justified because of the ease of exploitation, the root access-granting effect, and because of the large number of vulnerable servers.

A BinaryEdge search lists over 5.2 million Exim servers running version 4.92.1 and earlier (the versions that are vulnerable).

Image: ZDNet

ZDNet understands from sources in the threat intel community that there is no public exploit code for this issue, but that crafting an exploit is relatively trivial. Further, there haven’t been any active attacks observed in the wild, but scans for Exim servers have intensified in the last 24 hours.

Server owners can mitigate this vulnerability — tracked as CVE-2019-15846 — by disabling TLS support for the Exim server. However, this may not be an option, as this exposes email traffic in cleartext, and makes it vulnerable to sniffing attacks and interception.

This mitigation is not recommended for Exim owners living in the EU, since this may expose their companies to data leaks, and the subsequent GDPR fines.

However, there is also a catch. Exim installations do not come with TLS support enabled by default. Nonetheless, the Exim instances included with Linux distros do ship with TLS enabled by default. Since most server administrators use OS images, and few go through the process of downloading Exim manually, most Exim instances are most likely vulnerable.

Furthermore, Exim instances that ship with cPanel, a popular web hosting software, also support TLS by default. The good news is that cPanel staff moved quickly to integrate the Exim patch into a cPanel update that they started rolling out to customers.

If you don’t know your Exim server’s TLS status, the best bet at this point is to install the Exim patch, as this is the only way to fully prevent any active exploitation.
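For administrators triaging their own mail hosts against the 4.92.2 threshold and the TLS condition described above, the following is an added example (not from the article or the Exim project). The function names, status labels and SMTP transcripts are hypothetical and constructed for illustration; it assumes the default greeting or `exim -bV` output, which includes the version.

```python
import re

# First fixed release according to the article (CVE-2019-15846).
FIXED = (4, 92, 2)

# Matches "Exim version 4.92.1 #3 built ..." (output of `exim -bV`) and
# "220 mx.example ESMTP Exim 4.92.1 ..." (default SMTP greeting).
VERSION_RE = re.compile(r"\bExim\s+(?:version\s+)?(\d+(?:\.\d+)+)", re.IGNORECASE)
# STARTTLS capability line in an EHLO response.
STARTTLS_RE = re.compile(r"^250[- ]STARTTLS\s*$", re.MULTILINE | re.IGNORECASE)

def parse_version(text):
    """Return the Exim version as an integer tuple, or None if not shown."""
    match = VERSION_RE.search(text)
    if match is None:
        return None
    parts = tuple(int(p) for p in match.group(1).split("."))
    return parts + (0,) * (3 - len(parts))  # "4.92" -> (4, 92, 0)

def triage(transcript):
    """Classify one host from its greeting plus EHLO response."""
    version = parse_version(transcript)
    if version is None:
        return "unknown"                     # banner hidden or not Exim
    if version >= FIXED:                     # numeric compare: 4.92.10 > 4.92.2
        return "fixed"
    if STARTTLS_RE.search(transcript):
        return "vulnerable-tls-advertised"   # the exposed case in the article
    # TLS may still be offered on another port, so this still needs the patch.
    return "vulnerable-tls-not-seen"

# Constructed sample transcripts (hostnames and addresses are placeholders).
SAMPLES = {
    "mx1.example": "220 mx1.example ESMTP Exim 4.92.1 Fri, 06 Sep 2019 10:00:00 +0000\n"
                   "250-mx1.example Hello probe.example [192.0.2.10]\n"
                   "250-SIZE 52428800\n250-STARTTLS\n250 HELP\n",
    "mx2.example": "220 mx2.example ESMTP Exim 4.92 Fri, 06 Sep 2019 10:00:01 +0000\n"
                   "250-mx2.example Hello probe.example [192.0.2.10]\n250 HELP\n",
    "mx3.example": "220 mx3.example ESMTP Exim 4.92.2 Fri, 06 Sep 2019 10:00:02 +0000\n"
                   "250-mx3.example Hello probe.example [192.0.2.10]\n250-STARTTLS\n250 HELP\n",
    "mx4.example": "220 mx4.example ESMTP ready\n250 HELP\n",
}

if __name__ == "__main__":
    for host, transcript in SAMPLES.items():
        print(host, triage(transcript))
```

Distribution packages can backport a fix without changing the upstream version string, so a "vulnerable" result from a banner should be confirmed against the installed package's changelog.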

This is the second major Exim vulnerability patched this summer. In June, the Exim team patched CVE-2019-10149, a vulnerability known as “Return of the WIZard,” which also granted attackers the ability to run malicious code with root privileges on remote Exim servers.

The “Return of the WIZard” vulnerability came under active exploitation within a week after public disclosure, and someone crafted an Azure worm three days after that, forcing Microsoft to send out a security alert to all customers.

Security experts fully expect that this latest Exim security flaw will also come under active exploitation.


Credit: ZDNet
