Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Vulnerability Found in Millions of Email Systems
The vuln could allow remote execution of code with root privilege in more than 4.1 million systems.
1 Min Read
Security researchers at Qualys Common discovered a remote command execution vulnerability in older versions of mail transfer agent (MTA) Exim — a critical, open source piece of the email infrastructure in many organizations.
An MTA functions much like a router dedicated to email. Researchers have found more than 4.1 million systems are potentially vulnerable to the flaw.
Exim's maintainers acknowledged the vulnerability (CVE-2019-10149) on June 3. Present in Exim 4.87 through 4.91, the vulnerability could allow an attacker to execute commands as root, with no privilege escalation required.
According to researchers at Tenable, no exploits have been seen in the wild, though they expect at least proof-of-concept exploits to appear in the near future. In the meantime, the vulnerability has been patched, though a Shodan scan executed by Tenable researchers on June 6 showed just 475,591 running updated and patched versions of Exim.
About the Author
You May Also Like
More Insights
