BTC $64486.1556
ETH $3493.5274
BNB $586.7387
SOL $134.6672
stETH $3495.2913
XRP $0.4867
DOGE $0.1240
TON $7.2057
ADA $0.3760
wstETH $4088.5086
TRX $0.1188
WETH $3488.5671
WBTC $64295.8483
AVAX $25.3097
UNI $9.9993
DOT $5.6473
LINK $13.7522
BCH $386.2148
MATIC $0.5665
weETH $3632.7427
LTC $74.0929
DAI $1.0007
PEPE $0.0000
RNDR $7.4609
BSC-USD $1.0007
FET $1.5399
CAKE $2.2330
ICP $8.2147
ezETH $3513.4372
USDE $1.0010
KAS $0.1464
ETC $23.4356
NEAR $5.2921
IMX $1.5404
APT $6.8279
XMR $162.4862
HBAR $0.0781
MNT $0.8030
ENS $25.6418
FDUSD $1.0003
OKB $41.8833
ONDO $1.2088
FIL $4.4138
STX $1.6530
MKR $2475.1037
ATOM $6.7546
SUI $0.9046
BTC $64486.1556
ETH $3493.5274
BNB $586.7387
SOL $134.6672
stETH $3495.2913
XRP $0.4867
DOGE $0.1240
TON $7.2057
ADA $0.3760
wstETH $4088.5086
TRX $0.1188
WETH $3488.5671
WBTC $64295.8483
AVAX $25.3097
UNI $9.9993
DOT $5.6473
LINK $13.7522
BCH $386.2148
MATIC $0.5665
weETH $3632.7427
LTC $74.0929
DAI $1.0007
PEPE $0.0000
RNDR $7.4609
BSC-USD $1.0007
FET $1.5399
CAKE $2.2330
ICP $8.2147
ezETH $3513.4372
USDE $1.0010
KAS $0.1464
ETC $23.4356
NEAR $5.2921
IMX $1.5404
APT $6.8279
XMR $162.4862
HBAR $0.0781
MNT $0.8030
ENS $25.6418
FDUSD $1.0003
OKB $41.8833
ONDO $1.2088
FIL $4.4138
STX $1.6530
MKR $2475.1037
ATOM $6.7546
SUI $0.9046
  • Catalog
  • Blog
  • Tor Relay
  • Jabber
  • One-Time notes
  • Temp Email
  • What is TOR?
  • We are in tor
  • Millions of Exim mail servers are vulnerable to RCE zero-day attacks

    Vulnerabilities in Exim require immediate action.

    Due to serious vulnerabilities, many servers that use the Exim mail transfer agent are now potential targets for attacks. These flaws enable remote execution of malicious code without user interaction.

    The Zero Day Initiative (ZDI) first alerted the public to the issues on Wednesday, but it wasn't until Friday that the information was made public after being posted on a security mailing list. Four of the six bugs that were found permit remote code execution and have a rating between 7.5 and 9.8 out of 10. Exim confirmed that three vulnerabilities have fixes that are already available in a private repository, but it is not clear what the situation is with the others.

    Exim is installed on more than 56% of the 602,000 mail servers that are accessible via the Internet, or just over 342,000 Exim servers, according to the survey. Currently, just over 3.5 million Exim servers are active online, with the majority of them located in the United States, followed by Russia and Germany, according to Shodan search. One of the most serious flaws, designated CVE-2023-42115, is a component of Exim's authentication system. The flaw enables remote code execution by an unauthenticated user. Stack overflow vulnerability CVE-2023-42116 is another flaw that permits remote code execution. After a successful attack, these kinds of problems may cause software to crash or data to become corrupt, but attackers may also use the vulnerability to run programs or issue orders to vulnerable servers.

    In a security advisory released on Wednesday, ZDI stated that the smtp service, which by default listens on TCP port 25, "exists with a specific flaw."

    "The problem is caused by improper user data validation, which could lead to an out-of-bounds write. This vulnerability could be used by an attacker to execute code as a service account.

    Exim's disclosure of information about vulnerabilities drew criticism from some quarters. ZDI claims that it first alerted Exim to the issues in June 2022, but active engagement did not start until May 2023.

    ZDI advised administrators to restrict remote access from the Internet to stop incoming hacking attempts because a patch to defend vulnerable Exim servers from potential attacks is not yet available.

    Limiting interaction with the application is the only practical mitigation strategy, according to ZDI, given the nature of the vulnerability.

    Administrators may run into issues when attempting to protect their systems because they are unsure of how to get patches. New vulnerabilities may catch the attention of attackers given that the hacker group Sandworm used an Exim vulnerability to attack US government networks in 2020. It wouldn't be shocking if attackers tried to profit from new Exim vulnerabilities once they were made public.

    Author reign3d
    Upgrading your crypto protection from TrueCrypt to VeraCrypt 1.26
    Inside the Dark Web Economy: The Shocking Value of Your Personal Information

    Comments 0

    Add comment