Millions of Exim Servers Vulnerable to RCE Zero-day Attacks

Hundreds of Thousands of Servers at Risk Due to Critical Exim Vulnerabilities

Hundreds of thousands of servers running the Exim mail transfer agent (MTA) have become a potential target for attacks because of several critical vulnerabilities. The vulnerabilities allow remote code execution without any user interaction.

The Zero Day Initiative (ZDI) published advisories for the issues on Wednesday, but the news only reached a wider audience on Friday through coverage in security newsletters. Of the six vulnerabilities found, four allow remote code execution, with severity ratings (CVSS) ranging from 7.5 to 9.8 out of 10. Exim has confirmed that fixes for three of the vulnerabilities are already prepared in a private repository; the status of the remaining three is still unclear.

Exim, an open-source mail transfer agent, is currently running on about 253,000 Internet-facing servers.

Vulnerability     Description
CVE-2023-42115    An out-of-bounds write in the Exim component responsible for authentication (AUTH); allows unauthenticated remote code execution and carries the highest rating of the set, 9.8.
CVE-2023-42116    A stack-based buffer overflow in Exim's handling of SMTP (NTLM/SPA) authentication challenges; also allows remote code execution.

Critics have expressed dissatisfaction with the way Exim handled the disclosure of these vulnerabilities. ZDI says it reported the problems to Exim back in June 2022, but active collaboration only began in May 2023.

With no clear information on how to obtain the necessary fixes, administrators may struggle to protect their systems. It is worth recalling that in 2020 the NSA warned that the Sandworm group had been exploiting an earlier Exim vulnerability (CVE-2019-10149) since at least August 2019. The emergence of new vulnerabilities may attract the attention of attackers once again.
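A first check an administrator can run while the patches are pending, as an added example that is not from the article or from the Exim project: the two highest-rated bugs live in specific authenticators (the AUTH component's EXTERNAL mechanism for CVE-2023-42115 and the SPA/NTLM challenge handling for CVE-2023-42116), and according to the Exim maintainers' follow-up guidance a server that does not configure those authenticators is not reachable by them. The script below parses the authenticators section of an Exim configuration and flags the `external` and `spa` drivers. The sample configuration, the function names and the wording of the messages are assumptions made for the example; on a real host the active configuration can be dumped with `exim -bP config`.

```shell
#!/bin/sh
# Added example: not code from the article or from the Exim project.
# It parses the "begin authenticators" section of an Exim configuration and
# flags the two authenticator drivers tied to the highest-rated ZDI bugs:
# "external" (CVE-2023-42115) and "spa", the NTLM authenticator
# (CVE-2023-42116). Function names and the sample config are assumptions.

# Print the driver name of every authenticator defined in the config on stdin.
# Exim configs are split into sections introduced by "begin <name>"; each
# authenticator is a "NAME:" block containing a "driver = <name>" line.
exim_auth_drivers() {
  awk '
    /^[[:space:]]*#/ { next }                                  # comment line
    /^[[:space:]]*begin[[:space:]]+authenticators/ { in_auth = 1; next }
    /^[[:space:]]*begin[[:space:]]+/ { in_auth = 0 }           # any other section
    in_auth && /^[[:space:]]*driver[[:space:]]*=/ {
      sub(/^[[:space:]]*driver[[:space:]]*=[[:space:]]*/, "")  # keep the value
      sub(/[[:space:]]+$/, "")
      print
    }
  '
}

# Exit 0 if neither risky driver is configured, 1 (naming them) otherwise.
exim_check_risky_auth() {
  risky=$(exim_auth_drivers | grep -E -x 'external|spa' | sort -u | tr '\n' ' ')
  risky=${risky% }
  if [ -n "$risky" ]; then
    echo "authenticator drivers affected by the pending fixes: $risky"
    return 1
  fi
  echo "no external/spa authenticators configured"
  return 0
}

# Constructed sample configuration (not from any real server): a PLAIN
# authenticator plus an NTLM/SPA one, which should be flagged.
SAMPLE_CONFIG='# constructed sample
primary_hostname = mail.example.test

begin acl
acl_check_rcpt:
  accept

begin authenticators
PLAIN:
  driver = plaintext
  server_set_id = $auth2
NTLM:
  driver = spa
  server_password = ${lookup{$auth1}lsearch{/etc/exim/passwd}}

begin routers
dnslookup:
  driver = dnslookup
'

# On a live host, feed the active configuration instead:
#   exim -bP config | exim_check_risky_auth
if printf '%s\n' "$SAMPLE_CONFIG" | exim_check_risky_auth; then
  echo "sample config: nothing to do"
else
  echo "sample config: review authenticators before exposing SMTP"
fi
```

The parser only looks inside the authenticators section, so a `driver = dnslookup` line in the routers section is ignored, and a server whose authenticators are all `plaintext`, `cram_md5` or `dovecot` passes the check. A clean result does not cover the other four advisories; it only tells you the two most serious ones have no configured entry point on that host.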

Sources: reports, release notes, official announcements.