By Bruce Sussman
Fri | Jun 7, 2019 | 1:10 PM PDT

Millions of open source Exim email servers have a newly known vulnerability that allows attackers to execute commands, and in some cases, gain all-powerful root privileges.

Exim mail versions impacted

The flaw impacts years' worth of releases, going back to April 2016 and version 4.87.

The vulnerability could allow for remote command execution (RCE).

In this case, RCE means a hacker could remotely command the mail server and take control of it. How big is the risk here? Well, Exim puts it like this in the advisory:

"The severity depends on your configuration. It depends on how close to the standard configuration your Exim runtime configuration is. The closer the better."

Exploits for Exim mail servers are likely soon

Exim has not seen any use of this exploit in the wild, but that typically changes a short time after public announcements like this.

Naked Security has a good write-up on this one:

"As Qualys points out, exploits for the flaw are likely to follow within a matter of days. In that scenario, hackers would scan for vulnerable servers, potentially hijacking them. Clearly, this is a flaw admins will want to patch as soon as possible."

The Apache Struts vulnerability that Equifax failed to patch was announced less than 48 hours before hackers used it against the company. We learned about this backstory at a SecureWorld regional conference this year.

Is patching a failure?

Every time urgent patches are released, we can't help but remember our interview with cybersecurity's Bruce Schneier at SecureWorld Boston.

He says patching is a failed paradigm that is near the end of its useful life as the landscape shifts.

Watch on YouTube: our complete interview with Bruce Schneier on the State of Security 2019.
