Scores of vulnerable Exim servers on Australian networks

By on
Scores of vulnerable Exim servers on Australian networks

Millions of mail servers under attack worldwide.

Australian networks continue to host tens of thousands of unpatched Exim installations, despite the mail servers being under active attacks worldwide currently.

Security vendor Qualys warned last week that the popular open source mail server contained a remote command execution flaw introduced with Exim version 4.87 that put millions of installations worldwide at risk.

".... an attacker can execute arbitrary commands with execv(), as root; no memory corruption or ROP (Return-Oriented Programming) is involved," Qualys said in its advisory.

Today, security researcher Amit Serper warned that an attack, possibly by an automated worm, is underway that exploits the vulnerability to gain permanent root access via secure shell (SSH) on Exim servers.

The flaw was patched in Exim 4.92 that was released in February this year.

Despite a fixed version being available, a Shodan.io scan by iTnews found almost 45,000 Exim 4.87-4.91 installations on Australian networks, with 30,924 hosts running Exim 4.92.

New Zealand networks likewise contain thousands of Exim installations reporting version numbers below 4.92 in Shodan scans.

Worldwide, over 4.1 million Exim installations run the vulnerable version of the mail server.

The critical Exim bug (CVE-2019-10149) is rated as 9.8 out of 10 on the common vulnerability scoring system 3.0, with a low attack complexity.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
In Partnership With

Most Read Articles

Log In

Username / Email:
Password:
  |  Forgot your password?