2:15pm, 5 May 2021
TLP Rating:
Update released for critical vulnerabilities in Exim
Qualys has discovered and released a detailed security advisory about 21 vulnerabilities in Exim. These are a combination of Remote Code Execution (RCE), both authenticated and unauthenticated, and privilege escalation. An attacker could exploit a combination of these to gain root access on vulnerable Exim servers.
CERT NZ recommends all Exim users upgrade to 4.94.2, or the fixed version from your upstream package repository.
What's happening
Systems affected
Exim versions before 4.94.2
For a full list of vulnerabilities and affected versions, you can read the Qualys Security Advisory.
What this means
An attacker could gain root access on vulnerable mail servers by exploiting unauthenticated RCE, and a privilege escalation vulnerability. This level of access can lead to data exfiltration and further network compromise.
What to look for
How to tell if you're at risk
You are at risk if you are running Exim mail servers older than 4.94.2. Some Linux distributions backport security fixes to older versions without changing the upstream version number, so check the release notes for the package relevant to your systems.
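As an added example (not part of the CERT NZ advisory), the POSIX shell functions below compare an Exim version string against the fixed release 4.94.2 and extract that string from the first line of `exim -bV` output. The sample `exim -bV` line and the version numbers passed to the functions are constructed for illustration. A version below 4.94.2 only means "possibly at risk": on distributions that backport fixes, the package changelog or the distribution's own advisory is the authoritative check, and this script does not attempt to read those.

```shell
#!/bin/sh
# Added example, not the advisory's own tooling. Checks whether a reported
# Exim version is older than the fixed upstream release 4.94.2.
FIXED_VERSION="4.94.2"

# version_lt A B: exit 0 when dotted version A sorts numerically before B,
# 1 otherwise. Missing components (e.g. "4.94" vs "4.94.2") sort as 0.
version_lt() {
  [ "$1" = "$2" ] && return 1
  first=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
  [ "$first" = "$1" ]
}

# exim_at_risk VERSION: exit 0 (possibly vulnerable) when VERSION < 4.94.2.
# A distribution package may carry a backported fix under an older number,
# so a 0 here is a prompt to check the package changelog, not a verdict.
exim_at_risk() {
  version_lt "$1" "$FIXED_VERSION"
}

# extract_exim_version LINE: pull the dotted version out of the first line
# printed by `exim -bV`, which looks like "Exim version 4.94 #2 built ...".
extract_exim_version() {
  printf '%s\n' "$1" | sed -n 's/^Exim version \([0-9][0-9.]*\).*/\1/p'
}

# Constructed sample line, standing in for real `exim -bV` output.
SAMPLE_LINE='Exim version 4.94 #2 built 01-Jan-2021'
sample_ver=$(extract_exim_version "$SAMPLE_LINE")
if exim_at_risk "$sample_ver"; then
  echo "sample: Exim $sample_ver is older than $FIXED_VERSION (check for backported fix)"
else
  echo "sample: Exim $sample_ver is at or above $FIXED_VERSION"
fi

# Optional live check, only when an exim binary is actually on PATH.
if command -v exim >/dev/null 2>&1; then
  live_ver=$(extract_exim_version "$(exim -bV 2>/dev/null | head -n 1)")
  if [ -n "$live_ver" ] && exim_at_risk "$live_ver"; then
    echo "local: Exim $live_ver is older than $FIXED_VERSION (check for backported fix)"
  fi
fi
```

Run it as `sh check_exim.sh`; on a host with Exim installed it adds a line for the local binary after the constructed sample.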
What to do
Prevention
Upgrade to 4.94.2, or apply patches from your distribution that fix this issue.
More information
Qualys Security Advisory about these vulnerabilities.
If you require more information or further support, submit a report on our website or contact us on 0800 CERTNZ.
For media enquiries, email our media desk at certmedia@cert.govt.nz or call on 021 854 384