21 critical vulnerabilities have been discovered in the Exim Email server, some of which can be exploited to perform full remote unauthenticated code execution and gain root privilege on the server.
The Exim Mail Transfer Agent powers 60% of the email servers on the internet – about 4 million devices. In a recent blog post the research team at security firm Qualys detailed the 21 vulnerabilities they discovered – most are present in all versions of the Exim code back to 2004. This means that all versions before Exim-4.94.2 are vulnerable.
10 of the vulnerabilities can be exploited remotely and 11 can be exploited locally – with most of them able to be exploited in default or commonly used configurations.
According to the team at Qualys:
Successful exploitation of these vulnerabilities would allow a remote attacker to gain full root privileges on the target server and execute commands to install programs, modify data, and create new accounts. Qualys security researchers independently verified these vulnerabilities and developed exploits to obtain full root privileges.
Exim is usually distributed as part of a Linux distro (such as Debian) and so updates will come through the update mechanism provided by the distro. Alternatively, patches can be obtained directly from Exim. The patches to resolve 21Nails are included in version 4.94.2.