Mail Server (MTA) Market share:

Server Type Number of Servers Percent
Exim 507,200 57.13%
Postfix 308,036 34.70%
Sendmail 34,948 3.94%
MailEnable 18,921 2.13%
MDaemon 7,464 0.84%
Microsoft 4,706 0.53%
IMail 1,375 0.15%
CommuniGate Pro 1,263 0.14%
XMail 783 0.09%
Qmail Toaster 577 0.06%
Lotus Domino 515 0.06%
WinWebMail 496 0.06%
SurgeSMTP 489 0.06%
Kerio 251 0.03%

The vulnerability allows to remotely execute code and gain system access with root privileges

In popular software for mail servers, Exim discovered a critical vulnerability (CVE-2019-15846), which allows to remotely execute code and gain system access with root privileges. The fix for the security issue, and its detailed description will be published on Friday, September 6. To prevent attacks using CVE-2019-15846 recommended to update Exim to version 4.92.2 or later.

To remember proekspluatirovat vulnerability can an authorized user or an attacker are on the same network as the affected device. It can also be remember proekspluatirovat remotely if the server is connected to the Internet.

As reported by one of the developers of Exim, Letterman Heiko (Heiko Schlitterman), he and his colleagues became aware of the vulnerability on September 3. The next day, the subscribers of the mailing list received notice of the impending patch which will be released on 6 September.

According to Litterman, yet a full working exploit for the vulnerability exists. However, there are primitive PoC-exploit, in connection with which administrators are urged to install the update as soon as possible.

The patch is the biggest update since the release of version Exim 4.92.1, released in July of this year. The update also fixed a critical vulnerability ( CVE-2019-13917 ), allows remotely to execute code with root privileges when a non-standard configuration settings.

Subscribe to channels “SecurityLab” in TelegramTelegram and Yandex.ZenYandex.Zen, be the first to hear about news and exclusive materials on information security.