Thursday, March 30, 2023
  • Events
  • Interviews
  • Jobs
  • Opinion
  • Whitepapers
  • Podcasts
  • Web Hosting Directory
  • Login
  • Register
Cloud7 News
  • Cloud Computing
  • Web Hosting
  • Data Center
  • Linux
  • Cybersecurity
  • More
    • Software
    • Network/Internet
    • Hardware
    • Artificial Intelligence
    • Windows
    • Policy/Legislation
    • Blockchain
    • Troubleshooting
    • How-Tos
    • Articles
No Result
View All Result
Cloud7 News
  • Cloud Computing
  • Web Hosting
  • Data Center
  • Linux
  • Cybersecurity
  • More
    • Software
    • Network/Internet
    • Hardware
    • Artificial Intelligence
    • Windows
    • Policy/Legislation
    • Blockchain
    • Troubleshooting
    • How-Tos
    • Articles
No Result
View All Result
Cloud7 News
No Result
View All Result

Home > Cybersecurity > Qualys found multiple vulnerabilities in Exim mail servers

Qualys found multiple vulnerabilities in Exim mail servers

Exim is a popular mail transfer agent available for major Unix-like operating systems and comes pre-installed on Linux distributions such as Debian.


Julide Gamze Cecen Julide Gamze Cecen
May 30, 2021
4 min read
Qualys found multiple vulnerabilities in Exim mail servers

The Qualys Research Team has discovered multiple critical vulnerabilities in the Exim mail server, some of which can be chained together to obtain full remote unauthenticated code execution and gain root privileges. Qualys recommends security teams to apply patches for these vulnerabilities as soon as possible.

Table of Contents

  • About Exim
  • Exim vulnerabilities
  • Proof of concept
  • Vulnerability Summary

About Exim

Exim is a popular mail transfer agent (MTA) available for major Unix-like operating systems and comes pre-installed on Linux distributions such as Debian. According to a recent survey, an estimated 60% of internet servers run on Exim. A Shodan search reveals nearly 4 million Exim servers are exposed to the internet.

Mail Transfer Agents are interesting targets for attackers because they are usually accessible over the internet. Once exploited, they could modify sensitive email settings on the mail servers, allow adversaries to create new accounts on the target mail servers. Last year, the vulnerability in the Exim Mail Transfer Agent (MTA) was a target of Russian cyber actors formally known as the sandworm team.

Exim vulnerabilities

Last fall, the Qualys Research Team engaged in a thorough code audit of Exim and discovered 21 unique vulnerabilities. Ten of these vulnerabilities can be exploited remotely. Some of them leading to provide root privileges on the remote system. And eleven can be exploited locally with most of them can be exploited in either default configuration or in a very common configuration.

Some of the vulnerabilities can be chained together to obtain a full remote unauthenticated code execution and gain root privileges on the Exim Server. Most of the vulnerabilities discovered by the Qualys Research Team for e.g. CVE-2020-28017 affects all versions of Exim going back all the way to 2004 (going back to the beginning of its Git history 17 years ago).

Proof of concept

Vulnerability Summary

Successful exploitation of these vulnerabilities would allow a remote attacker to gain full root privileges on the target server and execute commands to install programs, modify data, and create new accounts. Qualys security researchers independently verified these vulnerabilities and developed exploits to obtain full root privileges.

CVE Description Type
CVE-2020-28007 Link attack in Exim’s log directory Local
CVE-2020-28008 Assorted attacks in Exim’s spool directory Local
CVE-2020-28014 Arbitrary file creation and clobbering Local
CVE-2021-27216 Arbitrary file deletion Local
CVE-2020-28011 Heap buffer overflow in queue_run() Local
CVE-2020-28010 Heap out-of-bounds write in main() Local
CVE-2020-28013 Heap buffer overflow in parse_fix_phrase() Local
CVE-2020-28016 Heap out-of-bounds write in parse_fix_phrase() Local
CVE-2020-28015 New-line injection into spool header file (local) Local
CVE-2020-28012 Missing close-on-exec flag for privileged pipe Local
CVE-2020-28009 Integer overflow in get_stdinput() Local
CVE-2020-28017 Integer overflow in receive_add_recipient() Remote
CVE-2020-28020 Integer overflow in receive_msg() Remote
CVE-2020-28023 Out-of-bounds read in smtp_setup_msg() Remote
CVE-2020-28021 New-line injection into spool header file (remote) Remote
CVE-2020-28022 Heap out-of-bounds read and write in extract_option() Remote
CVE-2020-28026 Line truncation and injection in spool_read_header() Remote
CVE-2020-28019 Failure to reset function pointer after BDAT error Remote
CVE-2020-28024 Heap buffer underflow in smtp_ungetc() Remote
CVE-2020-28018 Use-after-free in tls-openssl.c Remote
CVE-2020-28025 Heap out-of-bounds read in pdkim_finish_bodyhash() Remote

See more Cybersecurity News

A comprehensive guide to understanding Cybersecurity: What is Cybersecurity?


Tags: EximQualys
Julide Gamze Cecen

Julide Gamze Cecen

Julide is the video editor of Cloud7. Graduated from Marmara University, Faculty of Communication, Department of Cinema, she also studied professional journalism and documentary photography, published news files and photography works in many national and international publications, took roles as coordinator and assistant director in international photography organizations and cinema projects. She taught documentary cinema and documentary photography at universities and academies of fine arts, and worked as an independent documentary director. She worked as an assistant director and editor in children's and youth programs, and directed & edited in serials. Julide also worked as a project consultant and director supported by the European Union, video works of foreign education projects, coordination of promotional shoots, as well as international photography organizations for 6 years. She received awards in national and international categories for her documentary photography works. As an independent filmmaker, she produces screenplays and film projects.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

I agree to the Terms & Conditions and Privacy Policy.

Next Post
7 causes why your WordPress site is slow

7 reasons why your WordPress site is slow

Related News

7 best practices and tools to use for Linux security

7 best practices and tools to use for Linux security

March 24, 2023 5:00 pm
CISA aims to identify vulnerabilities that attract ransomware

CISA aims to identify vulnerabilities that attract ransomware

March 22, 2023 2:10 pm
7 best cybersecurity schools

7 best cybersecurity schools

March 21, 2023 9:00 pm
Akamai researchers warn about the new HinataBot botnet

Akamai researchers warn about the new HinataBot botnet

March 20, 2023 6:10 pm
Get free daily newsletters from Cloud7 News Get the Cloud7 Newsletter
Select list(s):

Check your inbox or spam folder to confirm your subscription.

By subscribing, you agree to our
Copyright Policy and Privacy Policy

Get the free newsletter

Subscribe to receive the latest IT business updates straight to your inbox.

Select list(s):

Check your inbox or spam folder to confirm your subscription.

Recent News

  • [Event] Grab your DeveloperWeek Europe 2023 ticket free
  • How to get Linux ready for gaming
  • Trisquel GNU/Linux 11.0 review
  • What is continuous testing in DevOps?
  • [Event] FOSSASIA Summit 2023 – Get your discounted ticket now

Cloud7 News
Cloud7 is a news source that publishes the latest news, reviews, comparisons, opinions, and exclusive interviews to help tech users of high-experience levels in the IT industry.

EXPLORE

  • Web Hosting
  • Cloud Computing
  • Data Center
  • Cybersecurity
  • Linux
  • Network/Internet
  • Software
  • Hardware
  • Artificial Intelligence
  • How-Tos
  • Troubleshooting

RESOURCES

  • Events
  • Interviews
  • Jobs
  • Opinion
  • Whitepapers
  • Podcasts
  • Web Hosting Directory

Get the Cloud7 Newsletter

Get FREE daily newsletters from Cloud7 delivering the latest news and reviews.

  • About Us
  • Privacy & Policy
  • Copyright Policy
  • Contact

© 2023, Cloud7 News. All rights reserved.

No Result
View All Result
  • Cloud Computing
  • Web Hosting
  • Data Center
  • Linux
  • Cybersecurity
  • More
    • Software
    • Network/Internet
    • Hardware
    • Artificial Intelligence
    • Windows
    • Policy/Legislation
    • Blockchain
    • Troubleshooting
    • How-Tos
    • Articles
  • Events
  • Interviews
  • Jobs
  • Opinion
  • Whitepapers
  • Podcasts
  • Web Hosting Directory

© 2023, Cloud7 News. All rights reserved.

Welcome Back!

Sign In with Facebook
Sign In with Google
Sign In with Linked In
OR

Login to your account below

Forgotten Password? Sign Up

Create New Account!

Sign Up with Facebook
Sign Up with Google
Sign Up with Linked In
OR

Fill the forms below to register

*By registering into our website, you agree to the Terms & Conditions and Privacy Policy.
All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.