Did you hear about the Exim email server vulnerabilities?
“If social media is the cocktail party, then email is the ‘meet up for coffee’. The original 1 to 1 channel.” – Erik Harbison
Qualys’s security researchers have uncovered multiple security flaws, dubbed 21Nails, in Exim – the most widely used and popular mail transfer agent (MTA).
Exim’s MTA powers 60% of the email servers on the Internet (that’s about 4M devices) and any vulnerabilities can – and will – be critical and pose a major threat to Internet security. Not to mention the consequences when cybercriminals get their malicious digital hands on these security flaws.
According to Qualys, 11 of the security flaws can be exploited locally and the remaining 10 can be exploited remotely. What’s even worse is that several of the remotely exploitable vulnerabilities can be chained together with local privilege escalation flaws to create “a full remote unauthenticated code execution attack” and gain root privileges on the Exim server.
The security vulnerabilities date back to the beginning of Exim in 2004. Qualys’s Bharat Jogi therefore strongly urges admins to update to Exim version 4.94.2 as soon as possible and apply the released patches immediately.
To learn more about Exim Email Server vulnerabilities straight from the horse’s mouth, visit Exim’s security docs page.
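To act on the update advice above, an admin first needs to know which release a server is running. The script below is an added example, not code from Exim or Qualys: it parses the first line of `exim -bV` output and compares it with 4.94.2. The function names, the assumption that the binary is on PATH as `exim`, and the sample banner are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag Exim installs that report a release older than 4.94.2.
FIXED_VERSION="4.94.2"   # release the article says to update to

# Pull the dotted version out of a banner such as
# "Exim version 4.92.3 #3 built 01-Jan-2020 00:00:00".
exim_version_from_banner() {
  printf '%s\n' "$1" | sed -n 's/^Exim version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Return 0 when version $1 >= version $2, comparing numeric fields left to right.
# Missing fields count as 0, so 4.94 is treated as 4.94.0.
version_ge() {
  vg_a=$1
  vg_b=$2
  while [ -n "$vg_a" ] || [ -n "$vg_b" ]; do
    vg_x=${vg_a%%.*}
    vg_y=${vg_b%%.*}
    if [ "$vg_a" = "$vg_x" ]; then vg_a=; else vg_a=${vg_a#*.}; fi
    if [ "$vg_b" = "$vg_y" ]; then vg_b=; else vg_b=${vg_b#*.}; fi
    vg_x=${vg_x:-0}
    vg_y=${vg_y:-0}
    if [ "$vg_x" -gt "$vg_y" ]; then return 0; fi
    if [ "$vg_x" -lt "$vg_y" ]; then return 1; fi
  done
  return 0
}

# Print "ok <version>", "update <version>" or "unknown" for a banner string.
classify_exim() {
  ce_v=$(exim_version_from_banner "$1")
  if [ -z "$ce_v" ]; then
    echo "unknown"
  elif version_ge "$ce_v" "$FIXED_VERSION"; then
    echo "ok $ce_v"
  else
    echo "update $ce_v"
  fi
}

# Constructed sample banner, used when no exim binary is on PATH.
SAMPLE_BANNER='Exim version 4.92.3 #3 built 01-Jan-2020 00:00:00'
if command -v exim >/dev/null 2>&1; then
  classify_exim "$(exim -bV 2>/dev/null)"
else
  classify_exim "$SAMPLE_BANNER"
fi
```

A distribution package that carries backported fixes can still report an older version number, so treat an `update` result as a prompt to check the vendor's advisory for that package.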