Scores of vulnerable Exim servers on Australian networks

By

Millions of mail servers under attack worldwide.

Australian networks continue to host tens of thousands of unpatched Exim installations, despite the mail servers being under active attacks worldwide currently.

Scores of vulnerable Exim servers on Australian networks

Security vendor Qualys warned last week that the popular open source mail server contained a remote command execution flaw introduced with Exim version 4.87 that put millions of installations worldwide at risk.

".... an attacker can execute arbitrary commands with execv(), as root; no memory corruption or ROP (Return-Oriented Programming) is involved," Qualys said in its advisory.

Today, security researcher Amit Serper warned that an attack, possibly by an automated worm, is underway that exploits the vulnerability to gain permanent root access via secure shell (SSH) on Exim servers.

The flaw was patched in Exim 4.92 that was released in February this year.

Despite a fixed version being available, a Shodan.io scan by iTnews found almost 45,000 Exim 4.87-4.91 installations on Australian networks, with 30,924 hosts running Exim 4.92.

New Zealand networks likewise contain thousands of Exim installations reporting version numbers below 4.92 in Shodan scans.

Worldwide, over 4.1 million Exim installations run the vulnerable version of the mail server.

The critical Exim bug (CVE-2019-10149) is rated as 9.8 out of 10 on the common vulnerability scoring system 3.0, with a low attack complexity.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Log In

  |  Forgot your password?