Large Numbers of Email Servers Need to be Patched

Earlier this week, a patch for a potentially serious security vulnerability was made available. This vulnerability affects the Exim Mail Transfer Agent (MTA).

Details of the vulnerability were privately disclosed to the application vendor, Exim, by security researcher Meh Chang of security firm Devcore Security Consulting in early February.

Why should this vulnerability be considered important?
This vulnerability matters because of the pervasiveness of this software across the wider internet and the potential impact an exploit for this issue could have. If you are using the Exim Mail Transfer Agent software within your organisation, it may be at risk of exploitation, with the potential for an attacker to achieve remote code execution (RCE: the ability for an attacker to remotely carry out any action of their choice on your device).

The number of affected MTA servers around the world ranges from 400k through 1.9 million up to approximately 3.8 million (from Shodan).

While the proof of concept (PoC) exploit for this vulnerability (a one-byte buffer overflow) is not trivial (described as “difficult” by the vendor), attackers are likely to try to exploit it given the wide impact it could have if successful.

How can I protect myself from this vulnerability?
Please update any Exim Mail Transfer Agent (MTA) server to version 4.90.1. A useful FAQ which may assist is located here, with a wider set of FAQs located here.
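To find which servers still need that update, the version check can be scripted. The following is an added example, not part of the original post or of Exim itself: it reads SMTP greeting banners or `exim -bV` output and flags anything older than 4.90.1. The host names and sample lines are constructed, and the function names are illustrative.

```python
import re

FIXED = (4, 90, 1)  # the release the post says to update to (4.90.1)

# Exim prints a point release with an underscore: 4.90.1 appears as "4.90_1".
# Matches both "ESMTP Exim 4.89 ..." banners and "Exim version 4.90_1 ..." output.
_VERSION_RE = re.compile(r"\bExim(?: version)? (\d+)\.(\d+)(?:[._](\d+))?")


def parse_exim_version(line):
    """Return (major, minor, patch) found in the line, or None if absent."""
    m = _VERSION_RE.search(line)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def needs_update(line):
    """True if older than FIXED, False if not, None if no version is visible."""
    version = parse_exim_version(line)
    return None if version is None else version < FIXED


def audit(inventory):
    """Map each host to 'update', 'ok' or 'unknown' from (host, line) pairs."""
    labels = {True: "update", False: "ok", None: "unknown"}
    return {host: labels[needs_update(line)] for host, line in inventory}


# Constructed sample inventory: SMTP greetings and one `exim -bV` first line.
SAMPLE = [
    ("mx1.example.net", "220 mx1.example.net ESMTP Exim 4.89 Tue, 06 Mar 2018 10:00:00 +0000"),
    ("mx2.example.net", "220 mx2.example.net ESMTP Exim 4.90 Tue, 06 Mar 2018 10:00:01 +0000"),
    ("mx3.example.net", "Exim version 4.90_1 #2 built 10-Feb-2018 12:00:00"),
    ("mx4.example.net", "220 mx4.example.net ESMTP ready"),  # banner hides the version
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Distribution packages can carry a backported fix without changing the version string, so treat an "update" result as a prompt to check the installed package, and an "unknown" result as a host to inspect directly.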

Thank you.
