Needless to say a flaw in an older version of Exim (4.92.1) had a serious problem or flaw that became CVE-2019-15846:
I like to point out some problems that come up that are interesting… This Software is needed in Mail servers and is not obviously known to most people. But if a company does have it now needs to be upgraded.
Notice there were many releases of this software before someone found the vulnerability , here is the CVE information from Bugtraq:
Description- Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash.
Bugtraq has an interesting explanation :
"Zerons" and Qualys discovered that a buffer overflow triggerable in the TLS negotiation code of the Exim mail transport agent could result in the execution of arbitrary code with root privileges.
So it seems that hackers found the flaw and it was patched quickly… But the administrators still need to install and update. So as usual here is the weak point – administrators which are already stressed have to do some off-hours updates sooner than later.
Contact Us to discuss