Exim TLS Flaw Opens Email Servers to Remote ‘Root’ Code Execution Attacks

exim email server vulnerability

A crucial distant code execution vulnerability has been found within the well-liked open-source Exim e mail server software program, leaving at the least over half one million e mail servers weak to distant hackers.

Exim maintainers at the moment launched Exim model 4.92.2 after publishing an early warning two days in the past, giving system directors a heads-up on its upcoming safety patches that have an effect on all variations of the e-mail server software program up to and together with then-latest 4.92.1.

Exim is a extensively used, open supply mail switch agent (MTA) software program developed for Unix-like working techniques corresponding to Linux, Mac OSX or Solaris, which runs nearly 60% of the web’s e mail servers at the moment for routing, delivering and receiving e mail messages.

Tracked as CVE-2019-15846, the safety vulnerability solely impacts Exim servers that settle for TLS connections, doubtlessly permitting attackers to achieve root-level entry to the system “by sending an SNI ending in a backslash-null sequence during the initial TLS handshake.”

SNI, stands for Server Name Indication, is an extension of the TLS protocol that enables the server to safely host a number of TLS certificates for a number of websites, all beneath a single IP…


Source link

Leave a Comment

Your email address will not be published. Required fields are marked *

Social media & sharing icons powered by UltimatelySocial

Enjoy this blog? Please spread the word :)