Summary
A vulnerability has been discovered in Exim that could allow unauthenticated remote attackers to execute arbitrary system commands on the mail server. Exim is a mail transfer agent used to deploy mail servers on Unix-like systems. Successful exploitation of this vulnerability enables the attacker to execute commands as root in the context of the mail server. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Impact
- The vulnerability is relatively easy to exploit; it is probable that attackers will be searching for and exploiting vulnerable versions of this software soon. Proof-of-concept code is available [1].
Vulnerable
- Exim versions prior to 4.92.3 [2]
Recommendations
- Apply appropriate patches provided by Exim to vulnerable systems immediately after appropriate testing.
- Verify that no unauthorized system modifications have occurred on the system before applying the patch.
- Apply the principle of least privilege to all systems and services.
- Remind users not to open emails, download attachments, or follow links provided by unknown or untrusted sources.
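To act on the version boundary above, an administrator needs a repeatable check of which Exim build a host is running. The script below is an added example, not part of the advisory: it parses the banner line of `exim -bV` (the binary name `exim`/`exim4` and the sample banners in the docstring are assumptions and constructed samples, respectively) and reports whether the build predates the 4.92.3 fix.

```python
"""Check a host's Exim version against the fixed release named in this advisory.

Added example (not from the advisory). It parses the banner line of
`exim -bV`, which looks like "Exim version 4.92.2 #3 built 27-Sep-2019 16:33:59"
(constructed sample), and reports whether the build predates the fix (4.92.3).
"""
import re
import shutil
import subprocess

# First release the advisory lists as not vulnerable.
FIXED_VERSION = (4, 92, 3)


def parse_version(bv_output: str) -> tuple:
    """Extract the numeric version tuple from `exim -bV` output."""
    m = re.search(r"Exim version (\d+(?:\.\d+)*)", bv_output)
    if not m:
        raise ValueError("no Exim version line found")
    parts = [int(p) for p in m.group(1).split(".")]
    # Pad so a two-component release such as "4.92" compares as 4.92.0,
    # which is below 4.92.3 and therefore vulnerable.
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def is_vulnerable(version: tuple) -> bool:
    """True when the parsed version predates the fixed release."""
    return version < FIXED_VERSION


def check_local_exim() -> str:
    """Run `exim -bV` on this host and summarise the result.

    Assumes the binary is installed as `exim` or `exim4` (Debian naming).
    """
    exe = shutil.which("exim") or shutil.which("exim4")
    if exe is None:
        return "exim not found on this host"
    out = subprocess.run([exe, "-bV"], capture_output=True, text=True).stdout
    ver = parse_version(out)
    label = "VULNERABLE (update to 4.92.3 or later)" if is_vulnerable(ver) else "not affected"
    return f"Exim {'.'.join(map(str, ver))}: {label}"


if __name__ == "__main__":
    print(check_local_exim())
```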