Yesterday we have publish a security bulletin SB2019060505 describing remote code execution vulnerability in Exim MTA. According to the recent survey, Exim is used by 57% (507,389) of all mail servers worldwide.

The flaw affects Exim installations running versions 4.87 to 4.91 and allows local and remote attackers to execute arbitrary commands with execv() call. The major concern in here is that the code will be executed with root privileges.

The vulnerability can be exploited instantly by a local attacker with the access (even having low level account) to an email server. Remote exploitation of this bug requires an attacker to maintain a connection to the vulnerable server for 7 days (by transmitting one byte every few minutes).

It is recommended to install the latest version Exim 4.92 ASAP.