Mail System Vulnerability Delivers Root PrivilegesMail System Vulnerability Delivers Root Privileges
The vulnerability in Exim could allow an attacker to remotely execute code with root privileges.
September 7, 2019
Exim, the mail transfer agent used by more than half the email servers on the Internet, has a vulnerability. The flaw, found in versions from 4.80 through 4.92.1, allows a malicious actor to use an encrypted TLS connection to remotely execute code with root privileges.
The vulnerability, designated CVE-2019-15846, was discovered by researcher Zerons in late July. It takes advantage of the TLS ServerName Indicator (SNI), a feature that allows TLS to serve different certificates for various websites on a single server. A buffer overflow triggered by a relatively simple SNI request followed by a counterfeit client certificate are enough to exploit the vulnerability.
Responsible disclosure procedures were followed and a patch for the vulnerability has been made available in Exim 4.92.2.
For more, read here.
About the Author(s)
You May Also Like
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
What's In Your Cloud?Nov 30, 2023
Everything You Need to Know About DNS AttacksNov 30, 2023
9 Traits You Need to Succeed as a Cybersecurity Leader
The Ultimate Guide to the CISSP
Gone Phishing: How to Defend Against Persistent Phishing Attempts Targeting Your Organization
2022 Insurance Industry Cyber Threat Landscape Report
Protecting Critical Infrastructure: The 2021 Energy, Utilities, and Industrials Cyber Threat Landscape Report