Cloud security provider Qualys has revealed a remote command execution (RCE) flaw that could impact over half of the Internet's email servers. All of these servers run Exim, a mail transfer agent (MTA), the software mail servers use to pass mail between sender and receiver. According to a June 2019 report, Exim handles 57% of the mail servers on the Internet, and this remote command execution flaw affects Exim in several ways.
Before the launch of version 4.92, Exim installations on servers were running versions 4.87 and 4.91. Both versions have remote command execution flaws that leave the servers exposed. Local and remote hackers could easily exploit an Exim server to run commands. Qualys said that a local hacker could exploit this vulnerability with only a small presence on the email server, even with a restricted account. A remote hacker can compromise mail servers by scanning the Internet for vulnerable servers.
Researchers said, “To remotely exploit this vulnerability in the default configuration, an attacker must keep a connection to the vulnerable server open for 7 days. However, because of the extreme complexity of Exim’s code, we cannot guarantee that this exploitation method is unique; faster methods may exist.”
Exim was unaware of these flaws in its two software versions, 4.87 and 4.91, which were running on the mail servers. They came to Exim’s notice when cloud security provider Qualys audited older versions of Exim’s software. Luckily, version 4.92 of the server software has been available since February 10, 2019, which limited the damage before it could occur.