News

21Nails vulnerabilities in Exim affect 60% of all mail servers on the web

The Exim mail server software support team has released fixes for 21 vulnerabilities known as 21Nails, which allows taking control of a server using both local and remote attack vectors.

A series of vulnerabilities “21Nails” was discovered by Qualys specialists.

With its help, attackers can take control of the server in order to intercept or interact with e-mails passing through it.

The Qualys Research Team has discovered multiple critical vulnerabilities in the Exim mail server, some of the which can be chained together to obtain full remote unauthenticated code execution and gain root privileges.researchers explain.

21Nails includes 11 vulnerabilities that require local access to the server to exploit, and 10 vulnerabilities that can be exploited remotely.

The problem affects all versions of Exim released in the last 17 years (since 2004).

Reference:

Exim is a popular mail transfer agent (MTA) available for major Unix-like operating systems and pre-installed on Linux distributions such as Debian. According to a recent survey, about 60% of Internet servers are running Exim. A Shodan search reveals that nearly 4 million Exim servers are connected to the Internet.

To avoid possible cyberattacks, server owners are strongly advised to update them to version 4.94.

Previous vulnerabilities in Exim, disclosed in 2019-2020, were actively exploited by hacker groups, both financially motivated and working for the government.

Most of the vulnerabilities discovered by the Qualys Research Team for e.g. CVE-2020-28017 affects all versions of Exim going back all the way to 2004 (going back to the beginning of its Git history 17 years ago).The Qualys Research Team specialists told.

However, more often than not, attackers exploited a vulnerability (CVE-2019-10149) known as Return of the WIZard.

Qualys researchers say they will not publish exploits for all 21Nails Exim vulnerabilities. However, the Exim command notification contains enough information to enable attackers to design effective exploits.

Let me also remind you of another rather sensational critical vulnerability: WSJ Says Microsoft Partners May Be Involved in Cyberattack on Exchange Servers.

Sending
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Sending

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button