Bug found impacting more than half of email servers


By Dylan Bushell-Embling
Thursday, 06 June, 2019

Cloud security and compliance company Qualys says it has found a major vulnerability in mail transfer agent Exim that impacts over half of the internet’s email servers.

The vulnerability, present in Exim versions 4.87 to 4.91, allows remote command execution that could enable both local and remote attackers to run commands as root on Exim servers.

Qualys has named the vulnerability “the Return of the WIZard” due to its similarities to the WIZ vulnerability that impacted the Sendmail email server in 1999.

According to a security advisory released by the company, the “trivially exploitable” vulnerability allows attackers to execute arbitrary commands without needing to exploit memory corruption or return-oriented programming.

The vulnerability can be exploited instantly by a local attacker. Remote attacks require specific non-default configurations to be exploited instantly, but attackers can remotely exploit the vulnerability in the default Exim configuration by keeping a connection to the vulnerable server open for seven days, transmitting one byte every few minutes.

“However, because of the extreme complexity of Exim’s code, we cannot guarantee that this exploitation method is unique; faster methods may exist,” the advisory states.

The vulnerability was fixed in version 4.92, which was released in February and is the latest stable release, but the change that plugged the security gap was not classified as a security fix, suggesting it was plugged by accident.
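As an added example (not code from Qualys, the Exim project, or this article), the following Python snippet parses the first line printed by `exim -bV` and classifies the version against the 4.87 to 4.91 range reported above and the 4.92 fix; the sample banner is constructed.

```python
import re

# Affected range and fixed version as stated in the article, held as
# (major, minor) tuples so that "4.9" and "4.91" compare numerically.
AFFECTED_FIRST = (4, 87)
AFFECTED_LAST = (4, 91)
FIXED = (4, 92)

# Constructed sample of the first line of `exim -bV` output.
SAMPLE_BANNER = "Exim version 4.91 #1 built 02-Mar-2019 10:11:12"

_VERSION_RE = re.compile(r"Exim version (\d+)\.(\d+)")


def parse_exim_version(banner: str):
    """Return (major, minor) from an `exim -bV` banner, or None if not found."""
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)))


def is_affected(version) -> bool:
    """True when the parsed version lies inside the reported 4.87..4.91 range."""
    if version is None:
        return False  # unknown version: treat as unverified, not as safe
    return AFFECTED_FIRST <= version <= AFFECTED_LAST


def assess_banner(banner: str) -> str:
    """Classify a banner as affected, fixed, outside-reported-range or unknown."""
    version = parse_exim_version(banner)
    if version is None:
        return "unknown"
    if is_affected(version):
        return "affected"
    if version >= FIXED:
        return "fixed"
    return "outside-reported-range"  # older than 4.87: not covered by the advisory


if __name__ == "__main__":
    print(SAMPLE_BANNER, "->", assess_banner(SAMPLE_BANNER))
```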

Qualys expects exploits taking advantage of the vulnerability to be published within days.
