5 May 2021

Millions of Exim email servers impacted by dangerous flaws


Millions of unpatched Exim email servers are potentially vulnerable to a set of bugs collectively called ‘21 Nails’ that could expose servers to cyberattacks. The vulnerabilities, discovered by researchers at Qualys, allow unauthenticated remote hackers to execute arbitrary code and gain root privileges on mail servers with default or common configurations.

According to Qualys, the popular mail transfer agent Exim contains 21 vulnerabilities: ten can be exploited remotely and the other 11 are local flaws (the full list can be found here).

The ‘21 Nails’ flaws impact all versions of Exim before 4.94.2. “Some of the vulnerabilities can be chained together to obtain a full remote unauthenticated code execution and gain root privileges on the Exim Server,” Qualys said in a blog post.

The researchers noted that the discovered vulnerabilities affect all Exim versions "going back all the way to 2004," meaning that most vulnerabilities have been present for 17 years.

According to a Shodan search, there are nearly four million known exposed Exim servers. A SecuritySpace survey from March estimated that 60% of visible mail servers use Exim.

The developers behind Exim have released a security update, exim-4.94.2, that contains all changes on the exim-4.94+fixes branch as well as the security fixes. Users are strongly advised to update their Exim instances as soon as possible.
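A version triage for an inventory of your own mail hosts, based on the article's statement that all Exim versions before 4.94.2 are affected. This is an added example, not code from Qualys or the Exim project; the function names, host names and sample `exim -bV` lines are constructed, and the `-RC1` pre-release suffix is a hypothetical input.

```python
import re

# First fixed release according to the article; everything older is affected.
FIXED = (4, 94, 2)

# First line of `exim -bV` looks like: "Exim version 4.94 #2 built 01-Jun-2020 ..."
_VERSION_RE = re.compile(r"^Exim version (\d+)\.(\d+)(?:\.(\d+))?(\S*)", re.M)

def parse_exim_version(bv_output):
    """Return ((major, minor, patch), suffix), or None if no version line is found."""
    m = _VERSION_RE.search(bv_output)
    if m is None:
        return None
    major, minor, patch, suffix = m.groups()
    # "4.94" has no third component; treat it as 4.94.0 so it sorts below 4.94.2.
    return (int(major), int(minor), int(patch or 0)), suffix

def classify(bv_output):
    """Map `exim -bV` output to affected / review / patched / unknown."""
    parsed = parse_exim_version(bv_output)
    if parsed is None:
        return "unknown"      # not Exim, or output we cannot read: check by hand
    version, suffix = parsed
    if version < FIXED:
        # Distribution packages can carry backported fixes under an older
        # upstream version number; confirm against the vendor advisory.
        return "affected"
    if version == FIXED and suffix:
        return "review"       # pre-release or modified build of the fixed version
    return "patched"

def triage(inventory):
    """inventory: {host: captured `exim -bV` output} -> {host: status}."""
    return {host: classify(output) for host, output in inventory.items()}

# Constructed sample inventory (hypothetical hosts and build strings).
SAMPLE = {
    "mx1": "Exim version 4.94 #2 built 01-Jun-2020 10:00:00\nCopyright ...",
    "mx2": "Exim version 4.94.2 #2 built 05-May-2021 09:30:00",
    "mx3": "Exim version 4.92.3 #1 built 10-Oct-2019 12:00:00",
    "mx4": "Exim version 4.94.2-RC1 #1 built 30-Apr-2021 08:00:00",
    "mx5": "sh: exim: command not found",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host}: {status}")
```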

