Exim, Internet Mail Software, Flaw Causes Problems

An older version of Exim (4.92.1) had a serious flaw that became CVE-2019-15846.

I like to point out some problems that come up that are interesting. This software is needed in mail servers and is not well known to most people, but a company that does have it now needs to upgrade.

Notice that there were many releases of this software before someone found the vulnerability. Here is the CVE information from Bugtraq:

Description: Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash.

Bugtraq has an interesting explanation:

"Zerons" and Qualys discovered that a buffer overflow triggerable in the
TLS negotiation code of the Exim mail transport agent could result in the
execution of arbitrary code with root privileges.


 

So it seems that hackers found the flaw and it was patched quickly, but administrators still need to install the update. As usual, this is the weak point: administrators who are already stressed have to do some off-hours updates sooner rather than later.
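For the update step above, here is a version check against the 4.92.2 fix. It is an added example, not code from the original post or from the Exim project. The function names and the sample banners are constructed for illustration, and distribution packages can carry a backported fix under an older upstream version number, so confirm any "vulnerable" result against the vendor advisory.

```shell
#!/bin/sh
# Added example: flag Exim builds older than 4.92.2 (the CVE-2019-15846 fix).
FIXED="4.92.2"

# Pull the dotted version out of `exim -bV` output,
# e.g. "Exim version 4.92.1 #3 built ..." -> "4.92.1".
exim_version_from_banner() {
    printf '%s\n' "$1" |
        sed -n 's/^Exim version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Succeed (0) if version $1 is older than $2; missing components count as 0,
# so "4.92" compares as 4.92.0.
version_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ -n "$x" ] || x=0
        [ -n "$y" ] || y=0
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1
}

# Print "vulnerable <v>", "ok <v>" or "unknown" for a banner string.
classify_exim() {
    v=$(exim_version_from_banner "$1")
    if [ -z "$v" ]; then echo "unknown"; return 0; fi
    if version_lt "$v" "$FIXED"; then echo "vulnerable $v"; else echo "ok $v"; fi
}

# Constructed sample banners (not captured from real hosts).
for banner in "Exim version 4.92.1 #3 built 25-Jul-2019 10:22:12" \
              "Exim version 4.92.2 #2 built 06-Sep-2019 09:00:00" \
              "Exim version 4.93 #1 built 10-Dec-2019 08:00:00"; do
    classify_exim "$banner"
done

# On a real host, classify the installed binary if one is on PATH.
if command -v exim >/dev/null 2>&1; then
    classify_exim "$(exim -bV 2>/dev/null)"
fi
```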
