Saturday, May 28, 2022
  • Events
  • Interviews
  • Jobs
  • Opinion
  • Whitepapers
  • Glossary
  • Community Forum
  • Web Hosting Directory
  • Login
  • Register
Cloud7 News
  • Cloud Computing
  • Web Hosting
  • Data Center
  • Linux
  • Cybersecurity
  • More
    • How-Tos
    • Network/Internet
    • Windows
    • Software
    • Hardware
    • Blockchain
    • Policy/Legislation
    • Video
No Result
View All Result
Cloud7 News
  • Cloud Computing
  • Web Hosting
  • Data Center
  • Linux
  • Cybersecurity
  • More
    • How-Tos
    • Network/Internet
    • Windows
    • Software
    • Hardware
    • Blockchain
    • Policy/Legislation
    • Video
No Result
View All Result
Cloud7 News
No Result
View All Result

Home > Cybersecurity > Qualys found multiple vulnerabilities in Exim mail servers

Qualys found multiple vulnerabilities in Exim mail servers

Exim is a popular mail transfer agent available for major Unix-like operating systems and comes pre-installed on Linux distributions such as Debian.

Julide Gamze Cecen by Julide Gamze Cecen
May 30, 2021
in Cybersecurity
4 min read
0 0
0
Qualys found multiple vulnerabilities in Exim mail servers
0
SHARES
22
VIEWS
Share on FacebookShare on TwitterShare on EmailFollow on Google News

The Qualys Research Team has discovered multiple critical vulnerabilities in the Exim mail server, some of which can be chained together to obtain full remote unauthenticated code execution and gain root privileges. Qualys recommends security teams to apply patches for these vulnerabilities as soon as possible.

Table of Contents

  • About Exim
  • Exim vulnerabilities
  • Proof of concept
  • Vulnerability Summary

About Exim

Exim is a popular mail transfer agent (MTA) available for major Unix-like operating systems and comes pre-installed on Linux distributions such as Debian. According to a recent survey, an estimated 60% of internet servers run on Exim. A Shodan search reveals nearly 4 million Exim servers are exposed to the internet.

Mail Transfer Agents are interesting targets for attackers because they are usually accessible over the internet. Once exploited, they could modify sensitive email settings on the mail servers, allow adversaries to create new accounts on the target mail servers. Last year, the vulnerability in the Exim Mail Transfer Agent (MTA) was a target of Russian cyber actors formally known as the sandworm team.

Exim vulnerabilities

Last fall, the Qualys Research Team engaged in a thorough code audit of Exim and discovered 21 unique vulnerabilities. Ten of these vulnerabilities can be exploited remotely. Some of them leading to provide root privileges on the remote system. And eleven can be exploited locally with most of them can be exploited in either default configuration or in a very common configuration.

Some of the vulnerabilities can be chained together to obtain a full remote unauthenticated code execution and gain root privileges on the Exim Server. Most of the vulnerabilities discovered by the Qualys Research Team for e.g. CVE-2020-28017 affects all versions of Exim going back all the way to 2004 (going back to the beginning of its Git history 17 years ago).

Proof of concept

Vulnerability Summary

Successful exploitation of these vulnerabilities would allow a remote attacker to gain full root privileges on the target server and execute commands to install programs, modify data, and create new accounts. Qualys security researchers independently verified these vulnerabilities and developed exploits to obtain full root privileges.

CVE Description Type
CVE-2020-28007 Link attack in Exim’s log directory Local
CVE-2020-28008 Assorted attacks in Exim’s spool directory Local
CVE-2020-28014 Arbitrary file creation and clobbering Local
CVE-2021-27216 Arbitrary file deletion Local
CVE-2020-28011 Heap buffer overflow in queue_run() Local
CVE-2020-28010 Heap out-of-bounds write in main() Local
CVE-2020-28013 Heap buffer overflow in parse_fix_phrase() Local
CVE-2020-28016 Heap out-of-bounds write in parse_fix_phrase() Local
CVE-2020-28015 New-line injection into spool header file (local) Local
CVE-2020-28012 Missing close-on-exec flag for privileged pipe Local
CVE-2020-28009 Integer overflow in get_stdinput() Local
CVE-2020-28017 Integer overflow in receive_add_recipient() Remote
CVE-2020-28020 Integer overflow in receive_msg() Remote
CVE-2020-28023 Out-of-bounds read in smtp_setup_msg() Remote
CVE-2020-28021 New-line injection into spool header file (remote) Remote
CVE-2020-28022 Heap out-of-bounds read and write in extract_option() Remote
CVE-2020-28026 Line truncation and injection in spool_read_header() Remote
CVE-2020-28019 Failure to reset function pointer after BDAT error Remote
CVE-2020-28024 Heap buffer underflow in smtp_ungetc() Remote
CVE-2020-28018 Use-after-free in tls-openssl.c Remote
CVE-2020-28025 Heap out-of-bounds read in pdkim_finish_bodyhash() Remote

See more Cyber Security News


Tags: EximQualys
ShareTweetSendShare
Get free daily newsletters from Cloud7 News Get the Cloud7 Newsletter

Check your inbox or spam folder to confirm your subscription.

By subscribing, you agree to our
Copyright Policy and Privacy Policy
Previous Post

New Ampere Altra Processor on Oracle Cloud Infrastructure

Next Post

7 reasons why your WordPress site is slow

Julide Gamze Cecen

Julide Gamze Cecen

Julide Gamze Cecen is the multimedia editor of the Cloud7 News. Julide is a solid Linux user, opensource and cybersecurity enthusiast and a front-end web application developer.

Related News

Proof-of-concept exploit code for VMware vulnerability released

Proof-of-concept exploit code for VMware vulnerability released

May 27, 2022 6:48 pm
Tor Browser on Tails 5.0 is not safe

Tor Browser on Tails 5.0 is not safe

May 27, 2022 12:32 pm
VMware ESXi servers are being targeted by a new ransomware

VMware ESXi servers are being targeted by a new ransomware

May 26, 2022 2:07 pm
StackPatch unveils new WAF packages

StackPath unveils new WAF packages

May 24, 2022 4:56 pm
Next Post
7 causes why your WordPress site is slow

7 reasons why your WordPress site is slow

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

I agree to the Terms & Conditions and Privacy Policy.

Editor's Choice

Interview with Igor Seletskiy on AlmaLinux

7 best hosting control panels

How to update Linux Kernel without rebooting?

7 best Linux mail servers for 2022

7 best cPanel alternatives for 2022

7 best Linux web browsers for 2022

7 best CentOS alternatives

7 best Linux server distros for 2022

How to scan your server for Log4j (Log4Shell) vulnerability

Best web hosting service providers

AlmaLinux 8.6 Stable is ready to download

Ubuntu 22.04 LTS is available for download. What is new?

Kali Linux 2022.2 is ready for download

Advertisement

Recent News

  • Proof-of-concept exploit code for VMware vulnerability released
  • WordPress.com unveils WordPress Starter plan
  • Wayland 1.21 Alpha is released
  • AlmaLinux 9 “Emerald Puma” is available for download
  • Zyxel is patching 4 new vulnerabilities

Our Latest Interview

Interview: Erez Barak, Vice President Observability of Sumo Logic
Interview

Interview: Erez Barak, Vice President Observability of Sumo Logic

by Atalay Kelestemur
November 25, 2021 3:23 am


Cloud7 News is a news source that publishes the latest news, industry news and exclusive interviews on web hosting, cloud computing, data center, cybersecurity and linux.

News Categories

  • Web Hosting
  • Cloud Computing
  • Data Center
  • Cybersecurity
  • Linux
  • Network/Internet
  • Software
  • Hardware
  • Blockchain

Our Free Modules

  • Events
  • Interviews
  • Jobs
  • Opinion
  • Whitepapers
  • Glossary
  • Community Forum
  • Web Hosting Directory

Get the Cloud7 Newsletter

Get FREE daily newsletters from Cloud7 delivering the latest news and reviews.

  • About Us
  • Privacy & Policy
  • Copyright Policy
  • Contact

© 2022, Cloud7 News. Latest Cloud Computing, Web Hosting, Data Center Industry and Tech News

No Result
View All Result
  • Cloud Computing
  • Web Hosting
  • Data Center
  • Linux
  • Cybersecurity
  • More
    • How-Tos
    • Network/Internet
    • Windows
    • Software
    • Hardware
    • Blockchain
    • Policy/Legislation
    • Video
  • Events
  • Interviews
  • Jobs
  • Opinion
  • Whitepapers
  • Glossary
  • Community Forum
  • Web Hosting Directory

© 2022, Cloud7 News. Latest Cloud Computing, Web Hosting, Data Center Industry and Tech News

Welcome Back!

Login to your account below

Forgotten Password? Sign Up

Create New Account!

Fill the forms below to register

*By registering into our website, you agree to the Terms & Conditions and Privacy Policy.
All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.