critical vulnerability discovered in Exim (CVE-2019-15846) – snapshot and update now

06.Sep.2019

Administration / Server, Mail / Communication / Groupware

Mail Server (MTA) Market share:

Server Type	Number of Servers	Percent
Exim	507,200	57.13%
Postfix	308,036	34.70%
Sendmail	34,948	3.94%
MailEnable	18,921	2.13%
MDaemon	7,464	0.84%
Microsoft	4,706	0.53%
IMail	1,375	0.15%
CommuniGate Pro	1,263	0.14%
XMail	783	0.09%
Qmail Toaster	577	0.06%
Lotus Domino	515	0.06%
WinWebMail	496	0.06%
SurgeSMTP	489	0.06%
Kerio	251	0.03%

http://www.securityspace.com/s_survey/data/man.201908/mxsurvey.html

The vulnerability allows to remotely execute code and gain system access with root privileges

In popular software for mail servers, Exim discovered a critical vulnerability (CVE-2019-15846), which allows to remotely execute code and gain system access with root privileges. The fix for the security issue, and its detailed description will be published on Friday, September 6. To prevent attacks using CVE-2019-15846 recommended to update Exim to version 4.92.2 or later.

To remember proekspluatirovat vulnerability can an authorized user or an attacker are on the same network as the affected device. It can also be remember proekspluatirovat remotely if the server is connected to the Internet.

As reported by one of the developers of Exim, Letterman Heiko (Heiko Schlitterman), he and his colleagues became aware of the vulnerability on September 3. The next day, the subscribers of the mailing list received notice of the impending patch which will be released on 6 September.

According to Litterman, yet a full working exploit for the vulnerability exists. However, there are primitive PoC-exploit, in connection with which administrators are urged to install the update as soon as possible.

The patch is the biggest update since the release of version Exim 4.92.1, released in July of this year. The update also fixed a critical vulnerability ( CVE-2019-13917 ), allows remotely to execute code with root privileges when a non-standard configuration settings.

Subscribe to channels “SecurityLab” in

Telegram and

Yandex.Zen, be the first to hear about news and exclusive materials on information security.

Подробнее: https://www.securitylab.ru/news/500863.php

liked this article?

only together we can create a truly free world
plz support dwaves to keep it up & running!
(yes the info on the internet is (mostly) free but beer is still not free (still have to work on that))
really really hate advertisement
contribute: whenever a solution was found, blog about it for others to find!
talk about, recommend & link to this blog and articles
thanks to all who contribute!

admin