Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

6/7/2019
04:00 PM
100%
0%

Vulnerability Found in Millions of Email Systems

The vuln could allow remote execution of code with root privilege in more than 4.1 million systems.

Security researchers at Qualys Common discovered a remote command execution vulnerability in older versions of mail transfer agent (MTA) Exim — a critical, open source piece of the email infrastructure in many organizations.

An MTA functions much like a router dedicated to email. Researchers have found more than 4.1 million systems are potentially vulnerable to the flaw.

Exim's maintainers acknowledged the vulnerability (CVE-2019-10149) on June 3. Present in Exim 4.87 through 4.91, the vulnerability could allow an attacker to execute commands as root, with no privilege escalation required.

According to researchers at Tenable, no exploits have been seen in the wild, though they expect at least proof-of-concept exploits to appear in the near future. In the meantime, the vulnerability has been patched, though a Shodan scan executed by Tenable researchers on June 6 showed just 475,591 running updated and patched versions of Exim.

Read more herehere and here

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
RetiredUser
50%
50%
RetiredUser,
User Rank: Ninja
6/9/2019 | 3:59:57 AM
Dovecot+Exim Still an Issue
Some years ago (2013) RedTeam Pentesting GmbH revealed issues with Dovecot+Exim, but there are likely still systems out there with the Dovecot+Exim configuration as with this 2019 vulnerability.  Information Security is more than network-based, and for the one to be successful systems management teams need also to be on top of their application management procedures and maintenance.  I grew up on FOSS systems and wouldn't have a career without them, but the ease of build and deployment some of these open apps and systems offer is ripe for bad maintenance and configuration.  InfoSec must be harder on the joint management of network and systems and enforce policies for audit, patching and upgrading all software.  A solid configuration management system lends to success in this.

      
MelBrandle
50%
50%
MelBrandle,
User Rank: Apprentice
6/13/2019 | 2:06:30 AM
We need to improve
We need to really buck up and improve our systems. To know that in today's modern era, we are still witnessing lapses in our email systems. Attackers are getting more advanced by the day but we are simply becoming more vulnerable? This won't do if we wish to stay vigilant to counter any potential cyber attacks.
US Turning Up the Heat on North Korea's Cyber Threat Operations
Jai Vijayan, Contributing Writer,  9/16/2019
MITRE Releases 2019 List of Top 25 Software Weaknesses
Kelly Sheridan, Staff Editor, Dark Reading,  9/17/2019
7 Ways VPNs Can Turn from Ally to Threat
Curtis Franklin Jr., Senior Editor at Dark Reading,  9/21/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16695
PUBLISHED: 2019-09-22
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter.php table parameter when action=add is used.
CVE-2019-16696
PUBLISHED: 2019-09-22
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit.php table parameter when action=add is used.
CVE-2018-21018
PUBLISHED: 2019-09-22
Mastodon before 2.6.3 mishandles timeouts of incompletely established sessions.
CVE-2019-16692
PUBLISHED: 2019-09-22
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter-result.php table parameter when action=add is used.
CVE-2019-16693
PUBLISHED: 2019-09-22
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/order.php table parameter when action=add is used.