{"id":482,"date":"2019-09-10T22:22:13","date_gmt":"2019-09-10T16:52:13","guid":{"rendered":"https:\/\/www.hostnamaste.com\/blog\/?post_type=news&#038;p=482"},"modified":"2019-10-23T18:30:24","modified_gmt":"2019-10-23T13:00:24","slug":"millions-of-exim-servers-vulnerable-to-root-granting-exploit-to-cyber-attacks","status":"publish","type":"news","link":"https:\/\/www.hostnamaste.com\/blog\/news\/millions-of-exim-servers-vulnerable-to-root-granting-exploit-to-cyber-attacks\/","title":{"rendered":"Millions of Exim Servers Vulnerable to root-granting exploit to cyber attacks"},"content":{"rendered":"<figure id=\"attachment_483\" aria-describedby=\"caption-attachment-483\" style=\"width: 325px\" class=\"wp-caption alignleft\"><img loading=\"lazy\" decoding=\"async\" class=\" wp-image-483\" src=\"https:\/\/www.hostnamaste.com\/blog\/wp-content\/uploads\/2019\/09\/Millions-of-Exim-Servers-Vulnerable-to-root-granting-exploit-to-cyber-attacks-HostNamaste.png\" alt=\"Millions of Exim Servers Vulnerable to root-granting exploit to cyber attacks - HostNamaste\" width=\"325\" height=\"278\" srcset=\"https:\/\/www.hostnamaste.com\/blog\/wp-content\/uploads\/2019\/09\/Millions-of-Exim-Servers-Vulnerable-to-root-granting-exploit-to-cyber-attacks-HostNamaste.png 419w, https:\/\/www.hostnamaste.com\/blog\/wp-content\/uploads\/2019\/09\/Millions-of-Exim-Servers-Vulnerable-to-root-granting-exploit-to-cyber-attacks-HostNamaste-300x257.png 300w\" sizes=\"auto, (max-width: 325px) 100vw, 325px\" \/><figcaption id=\"caption-attachment-483\" class=\"wp-caption-text\"><a href=\"https:\/\/www.hostnamaste.com\/blog\/how-to-stay-secure-from-cyber-attacks\/\"><span style=\"color: #99cc00; font-family: Verdana, Geneva; font-size: 12pt;\">Millions of Exim Servers Vulnerable to root-granting exploit to cyber attacks &#8211; HostNamaste<\/span><\/a><\/figcaption><\/figure>\n<p><span style=\"font-family: Verdana, Geneva; font-size: 12pt;\">A critical vulnerability has been found in millions of\u00a0<a href=\"https:\/\/exim.org\/static\/doc\/security\/CVE-2019-15846.txt\" target=\"_blank\" rel=\"noopener noreferrer\">Exim servers<\/a>\u00a0which once exploited can enable potential attacker to run arbitrary code with root privileges.<\/span><\/p>\n<p><span style=\"font-family: Verdana, Geneva; font-size: 12pt;\">All versions of Exim servers up to and including 4.92.1 that accept TLS connections are vulnerable, according to Exim team.<\/span><\/p>\n<p><span style=\"font-family: Verdana, Geneva; font-size: 12pt;\"><em>\u201cThe vulnerability is exploitable by sending a SNI ending in a backslash-null sequence during the initial TLS handshake. The exploit exists as a POC,\u201d<\/em>\u00a0wrote Exim in a recent\u00a0<a href=\"https:\/\/exim.org\/static\/doc\/security\/CVE-2019-15846.txt\" target=\"_blank\" rel=\"noopener noreferrer\">advisory<\/a>.<\/span><\/p>\n<p><span style=\"font-family: Verdana, Geneva; font-size: 12pt;\">The Exim team on September 4\u00a0<a href=\"https:\/\/www.openwall.com\/lists\/oss-security\/2019\/09\/04\/1\" target=\"_blank\" rel=\"noopener noreferrer\">published a warning<\/a>\u00a0on OSS Security mailing list regarding the security bug that was affecting Exim. On Friday, the team released the version 4.92.2 to address the critical issue.<\/span><\/p>\n<p><span style=\"font-family: Verdana, Geneva; font-size: 12pt;\">This vulnerability in the Exim server (CVE-2019-15846) was discovered in July by a security researcher called \u201cZerons\u201d. It allows an unauthenticated attacker to take advantage of the TLS ServerName Indicator and use this to send malicious code on servers that accept TLS connections.<\/span><\/p>\n<p><span style=\"font-family: Verdana, Geneva; font-size: 12pt;\">The Exim software is a mail transfer agent (MTA) that works as a general and flexible mailer with extensive facilities for checking incoming e-mail. This software is widely popular, available for Linux and Windows, and is used by millions of internet-facing hosts. It is\u00a0<a href=\"http:\/\/www.securityspace.com\/s_survey\/data\/man.201907\/mxsurvey.html\" target=\"_blank\" rel=\"noopener noreferrer\">estimated<\/a>\u00a0to have served 57% of publicly reachable email servers on the <a href=\"https:\/\/www.hostnamaste.com\/blog\/news\/internet-domain-names-will-soon-be-available-in-indian-regional-scripts\/\">internet<\/a>.<\/span><\/p>\n<p><span style=\"font-family: Verdana, Geneva; font-size: 12pt;\">Exim has full control of emails in cPanel. Thus, this issue is serious as remote access by any unknown attacker would lead to get the complete control of a vulnerable Exim server.<\/span><\/p>\n<p><span style=\"font-family: Verdana, Geneva; font-size: 12pt;\">The Exim advisory highly encourages to update to the latest Exim 4.92.2 version immediately. In case users are unable to install the new version, they can simply ask their package maintainer for the updated version containing the backported fix. <a href=\"https:\/\/www.dailyhostnews.com\/millions-of-exim-email-servers-vulnerable-to-cyber-attacks\" target=\"_blank\" rel=\"noopener\">READ MORE HERE<\/a><\/span><\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A critical vulnerability has been found in millions of&nbsp;Exim servers&nbsp;which once exploited can enable potential attacker to run arbitrary code with root privileges. All versions&hellip;<\/p>\n","protected":false},"author":2,"featured_media":483,"comment_status":"open","ping_status":"closed","template":"","tags":[581,578,577,576,579,580],"news-category":[380,575,573,574,398],"class_list":["post-482","news","type-news","status-publish","has-post-thumbnail","hentry","tag-cyber-attacks","tag-exim-server","tag-exim-servers","tag-exim-servers-vulnerable","tag-mail-transfer-agent","tag-mta","news-category-cpanel","news-category-cyber-attacks","news-category-exim-servers-vulnerable","news-category-internet","news-category-vulnerability"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.hostnamaste.com\/blog\/wp-json\/wp\/v2\/news\/482","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.hostnamaste.com\/blog\/wp-json\/wp\/v2\/news"}],"about":[{"href":"https:\/\/www.hostnamaste.com\/blog\/wp-json\/wp\/v2\/types\/news"}],"author":[{"embeddable":true,"href":"https:\/\/www.hostnamaste.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.hostnamaste.com\/blog\/wp-json\/wp\/v2\/comments?post=482"}],"version-history":[{"count":0,"href":"https:\/\/www.hostnamaste.com\/blog\/wp-json\/wp\/v2\/news\/482\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.hostnamaste.com\/blog\/wp-json\/wp\/v2\/media\/483"}],"wp:attachment":[{"href":"https:\/\/www.hostnamaste.com\/blog\/wp-json\/wp\/v2\/media?parent=482"}],"wp:term":[{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.hostnamaste.com\/blog\/wp-json\/wp\/v2\/tags?post=482"},{"taxonomy":"news-category","embeddable":true,"href":"https:\/\/www.hostnamaste.com\/blog\/wp-json\/wp\/v2\/news-category?post=482"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}